Don’t Let the Adversary Operate In Your Blind Spot

The following is a guest article by Dave Bailey, VP of Security Services at Clearwater.

Today’s adversaries are successfully exploiting the likelihood that a user will open a malicious file or click a malicious link, or they steal a user’s identity outright, to launch disruptive and potentially destructive attacks. Once the weakness is exploited, they carry out their attacks, steal sensitive information, and extort businesses for financial gain. In addition, most healthcare providers hit this way experience critical disruption to care delivery and mission-critical functions. A successful adversary was able to operate in the organization’s “blind spot” throughout the attack. If you are at the point of negotiating with the cyber-criminal to keep the breach from going public or to get your data back, it usually means the following occurred within the blind spot:

  • One or more individuals clicked a link or opened a malicious file
  • Malware was installed in the environment
  • A device or system was missing an available patch or upgrade
  • One or more account credentials were compromised
  • A cyber-criminal spent time in your network undetected
  • Data was exfiltrated from the network

Unfortunately, there isn’t a way to eliminate the blind spot; however, there are must-do behaviors that can minimize the impact of these types of attacks and build resiliency within the organization. It is important to treat these activities as behaviors, not as projects that have a start and an end. Too many organizations look at security and compliance as a set of transactional activities completed on a set schedule by the IT staff. It is time to get off that hamster wheel and make security and compliance the fabric of the business. Here is a roadmap for making that happen:

Continually Assess Risk

The foundation of defeating the adversary is determining what risks are in the environment and remediating them to an acceptable level. It is impossible to protect your data and the safety of your patients and employees without knowing what you must protect. Identify every asset or system in the environment and continually perform a risk analysis to understand what risks are present. Once the risks are known, have the business own or accept each one, build a plan to address it, and put appropriate and reasonable measures in place to reduce it.

Continually Make Everyone Aware

Users are a big part of the attack surface and continue to be the primary threat vector the adversary uses to initiate attacks. Making users aware of what the adversary is doing, testing their awareness, and practicing what to do in the event of an incident must become standard behaviors in the work environment. This includes all levels of the organization: the board of directors, partners, and all stakeholders in the success of the business.

Protect Identities

The adversary is after your identities in order to find your data and execute their attacks. Implement practices to ensure users are provided with the appropriate, minimum level of access needed to perform their duties, and require multi-factor authentication to access all sensitive data. We must assume that passwords are easily compromised; additional authentication layers are the minimum necessary to ensure the confidentiality of the data.

Continually Monitor Everything

Early detection of cyber incidents is critical to stopping attacks and minimizing their impact. Implement continuous monitoring of the network and all endpoints, and have playbooks in place to act immediately on unusual or malicious behavior. Detecting and responding early in the attack increases the likelihood of minimizing the impact of an adverse outcome.

Validate Effectiveness

It takes tremendous commitment and investment by the organization to implement appropriate and reasonable safeguards to protect data. It is critical to build behaviors into the program that validate the effectiveness of those controls and ensure what is operating can detect, prevent, or minimize the adversary’s attacks. Once the people, process, and technology are in place, continually test and validate their effectiveness against today’s threats.

Too many organizations are unaware of their blind spot or of how big it is. It is time to change the approach, reduce your blind spot, and build the behaviors that can defeat the enemy or, at the least, make the impact minimal and survivable.

About Dave Bailey

Dave Bailey is Vice President of Security Services at Clearwater and leads the managed, professional, and consulting services for the cybersecurity business. Before his role at Clearwater, Dave served as the Director of Technology and Security at Mary Washington Healthcare, where he was responsible for technology leadership and served as the HIPAA Security Officer. Dave received an Executive Master of Business Administration (EMBA) from Quantic School of Business and Technology, his Bachelor of Science (BS) degree in Computer Science from Wilkes University and is a Certified Information Systems Security Professional (CISSP). Dave has spent the last 14 years in healthcare cybersecurity and previously has more than 12 years of cybersecurity experience serving in the Air Force and supporting the federal government, both in small and large businesses, as a cybersecurity leader and professional.
