A recently-published survey suggests that while most health IT security leaders feel confident they can handle external attacks, they worry about insider threats.
Cybersecurity vendor Imperva spoke with 102 health IT professionals at the recent HIMSS show to find out what their most pressing security concerns were and how prepared they were to address them.
The survey found that 73% of organizations had a senior information security leader such as a CISO in place. Another 14% were hoping to hire one within the next 12 months. Only 14% said they didn’t have a senior infosec pro in place and weren’t looking to hire.
Given how many organizations have or plan to have a security professional in place, it’s not surprising to read that 93% of respondents were either “very concerned” or “concerned” about a cyberattack affecting their organization. The type of cyberattacks that concerned them most included ransomware (32%), insider threats (25%), comprised applications (19%) and DDoS attacks (13%). (Eleven percent of responses fell into the “other” category.)
Despite their concerns, however, the tech pros felt they were prepared for most of these threats, with 52% that they were “very confident” or had “above average” confidence they could handle any attack, along with 32% stating that their defenses were “adequate.” Just 9% said that their cybersecurity approach needed work, followed by 6% reporting that their defenses needed to be rebuilt.
Thirty-eight percent of the health IT pros said they’d been hit with a cyberattack during the past year, with another 4% reporting having been attacked more than a year ago.
Given the prevalence of cyberthreats, three-quarters of respondents said they had a cybersecurity incident response plan in place, with another 12% saying they planned to develop one during the next 12 months. Only 14% didn’t have a plan nor was creating one on their radar.
When it came to external threats, on the other hand, respondents seemed to be warier and less prepared. They were most worried about careless users (51%), compromised users (25%) and malicious users (24%).
Their concerns seem to be compounded by a sense that insider threats can be hard to detect. Catching insiders was difficult for a number of reasons, including having a large number of employees, contractors and business partners with access to their network (24%), more company assets on the network or in the cloud than previously (24%), lack of staff to analyze permissions data on employee access (25%) and a lack of tools to monitor insider activities (27%).
The respondents said the most time-consuming tasks involved in investigating/responding to insider threats included collecting information from diverse security tools (32%), followed by tuning security tools (26%), forensics or incident analysis (24%) and managing too many security alerts (17%).