CS Mar Apr 2022

More documents

Recommendations

Info

NHS breaches Felix_Rosbach, comforte AG: effective data security and the principles of Zero Trust need to be applied directly to sensitive patient information. Matthew Aldridge, Webroot: unsurprising that breaches of important medical information are becoming more and more common. "We have witnessed many healthcare organisations become victims of cyberattacks and, while organisations have concentrated on trying to secure endpoints and certain devices, such as Internet-of- Things (IoTs), they fail to secure the Domain Name System (DNS), which is ultimately being used as a path for cyber criminals to launch cyberattacks. By design, DNS is an open service, with virtually all internet and internal network traffic travelling through it. If a DNS server goes down, then the network is essentially halted, which means access to vital applications and services will stop. DNS servers have therefore become a leading point of entry for attackers and data exfiltration." Research by EfficientIP and IDC found that the average cost per DNS attack increased to £629,720 in 2021, a rise of 12% from 2020 and the sharpest increase seen, compared to other industries such as telco, finance, retail and education, he adds. "It is not just the monetary cost which has a significant impact on healthcare organisations, but also the length of time systems are down." According to David, it took the healthcare industry an average 6.28 hours to mitigate each attack, which is too long when it can take only seconds for a cyber criminal to launch an attack. 53% of companies said that application downtime could have heavy consequences for both patients and providers. "When healthcare professionals are already under enough pressure, the last thing they need is an announcement that their systems aren't working due to an attack on the DNS. To ensure proper protection, organisations need to implement DNS security solutions that enable real-time traffic analysis which can detect, and thwart threats hidden in the traffic. Additionally, application access control at the user level strengthens the security chain at the earliest point in the flow, reducing the attack surface and blocking the lateral movement of malware." If the healthcare industry wants to protect users, data and applications properly, DNS security is a must-have in any modern arsenal of defence against cybersecurity threats, he insists. "It must be seen as the absolute foundation to security and Zero- Trust projects." ACHIEVING THE PERFECT BALANCE Paul Prudhomme, head of threat intelligence advisory at IntSights, a Rapid7 Company, believes achieving the perfect balance between usability and security has always been the greatest challenge for IT systems and this rings very true for the healthcare sector. "The time-sensitive nature of the healthcare industry has resulted in the clash between the two sides and has ultimately seen healthcare organisations prioritising usability," he points out. "With seconds making all the difference when it comes to patient care, security can sometimes be seen as an inconvenience, especially when operations are delayed for minutes or potentially hours due to security teams needing to patch a vulnerable device. However, this decision ultimately makes the healthcare industry a priority target for threat actors, knowing that there are plenty of vulnerable devices on their network, which have the potential to cause significant damage." Medical devices, such as operating room monitors, are a popular entry point for threat actors when trying to breach a healthcare organisation's network. Their weak security means that threat actors can easily leverage them for access and then move laterally across the network. "Hospitals are popular targets for ransomware gangs, due to the amount of personal data they hold. Patient records contain Personally Identifiable Information (PII), which can be held to ransom from the hospital or sold on the dark web." With hospitals seemingly being the perfect target for cyber criminals, the healthcare 26 computing security Mar/Apr 2022 @CSMagAndAwards www.computingsecurity.co.uk
NHS breaches industry would greatly benefit from understanding who is likely to attack them and how, he adds. "It is also critical for the healthcare sector to strike the right balance between usability and security. Any chosen solutions should improve security posture, while minimising the impact on service." First, healthcare organisations should ensure that they have offline backups and strong encryption in place, Prudhomme recommends. "The best form of defence against threats like ransomware attacks is to eliminate the opportunity of paying a ransom demand. Ransomware gangs have learnt that backups are the best form of defence against their attacks and strong encryption is going to make it nearly impossible for them to leak the data." Healthcare organisations can look to technology such as threat intelligence to shed light on the tactics, techniques, and procedures (TTPs) of threat actors and get the heads up on threats before they actually happen. "This allows them to tailor their security strategy accordingly," he adds. "When healthcare organisations understand who may attack them and how they could do it, they can put security measures in place that are effective, but minimise the cost." CRIMINAL SUCCESS NOT A GIVEN While attacks are inevitable, criminal success is not, comments David Sygula, senior analyst at CybelAngel. "The trouble is that organisations are big and there is a lot of data in many hands. Organisations often don't realise that they've left sensitive data exposed and therefore believe they're completely secure." There are several ways that organisations can unintentionally leave data vulnerable to cyber theft, such as exposed databases, forgotten databases and third-party weaknesses. "Over time," he states, "we've noticed that a major cause of exposed cyber records is human negligence, either because of skill shortages, overwhelming workloads or lack of visibility. "To keep data secure, teams must stay on top of patching, although this can be complicated and time-consuming. Additionally, if the open API access is misconfigured, then all efforts will go to waste and the data will be left exposed anyway. One wrong move could result in devastating consequences." Looking beyond the initial fear of losing sensitive data, once an attacker gains access to the network they will endeavour to keep their foothold so they can breach more data. "No part of the system will be safe," warns Sygula. "It can be hard to tell which areas of the network are infected. Even if the initial point of entry is discovered, criminals can navigate undetected, causing major damage before they are finally discovered." GETTING THE BASICS RIGHT An effective security strategy must be built on strong foundations - which start with getting the basics right, he adds. "As patching systems are a crucial element of securing data, organisations must ensure the necessary training is provided to avoid human error, especially if there is a skills shortage. Additionally, IP scanning solutions can help identify existing data leaks and which databases, cloud storage or network storage devices need priority action." The final step, he points out, is automating this process, so that incidents are handled quickly and efficiently. "Digital risk solutions are available to disrupt their kill chain by blocking the footholds that attackers rely on," Sygula concludes. "Organisations will be able to uncover existing exposures and correct any weaknesses within databases before any damage is done. This increased visibility is vital for maintaining and strengthening defences - and keeping attackers out." Paul Prudhomme, IntSights, a Rapid7 Company: it is critical for the healthcare sector to strike the right balance between usability and security. Ronan David, EfficientIP: the Domain Name System is ultimately being used as a path for cyber criminals to launch cyberattacks. www.computingsecurity.co.uk @CSMagAndAwards Mar/Apr 2022 computing security 27
Page 1: Computing Security Secure systems,
Page 4: Secure systems, secure data, secure
Page 7 and 8: Strengthen your data resilience wit
Page 10 and 11: ehavioural insights INFORMATION SEC
Page 12 and 13: MSP insights THE MSP ATTACK TARGET
Page 14 and 15: metaverse VIRTUAL WORLD, REAL DANGE
Page 16 and 17: compliance GETTING TO THE HEART OF
Page 18 and 19: cloud THE CLOUD CONUNDRUM CLOUD, IN
Page 20 and 21: cloud Raghu Nandakumara, Illumio: a
Page 22 and 23: tech scrap I.T. EQUIPMENT JUNKED PR
Page 24 and 25: NHS breaches NHS BREACHES - JUST A
Page 28 and 29: ansomware RANSOMWARE NOW A GLOBAL M
Page 30 and 31: ansomware Daniel Hofmann, Hornetsec
Page 32 and 33: Log4shell LOGJAM OF CONCERNS LOG4SH
Page 34 and 35: Log4shell Jude McCorry, SBRC: all o
Page 36: PLAY IT SAFE WITH 365 TOTAL PROTECT

CS Mar Apr 2022

Create successful ePaper yourself

Delete template?

Save as template?