Growing up in rural Iowa where the front door was never locked and the keys were usually in the truck, I was taught when you go into the city, you need to take precautions and make yourself a hard target. Advice given included everything from parking under the lights, looking strangers in the eye with confidence, and most importantly, paying attention to your surroundings.
Today, we need to follow similar advice, step up our guard and be aware of our surroundings in the cybersecurity space. ICYMI, the surge in ransomware attacks impacting everything from fuel supply (Colonial Pipeline) to food supply (JBS) has Americans paying attention to our dependency on technology for everyday essentials. In fact, a presidential executive order was issued on May 12, specifically calling for urgent action to harden cyber defense postures across the federal government and its contractors in response to the increasing threat level.
Why is healthcare a target?
The healthcare sector continues to be a leading target for ransomware. 2020 was another record year in the number of attacks, and the costs of ransomware nearly doubled to an estimated $20 billion. The average total cost of a data breach in healthcare was $7.1 million in 2020. We’re seeing not only an increase in the frequency of attacks, but also an increase in the amount of money organizations are paying to get their data back. As the children’s book If You Give a Mouse a Cookie… teaches, if you give a cybercriminal money once, they will come back for more. In fact, a recent study revealed that 80% of businesses that paid a ransom were attacked a second time.
With healthcare records representing the crown jewels, they become a favorite target for bad actors who are continually finding ways to profit from the vulnerabilities technology affords them. Their stealth, proficiency and expertise in stealing your data is forcing organizations and IT teams to reassess their vulnerabilities and harden their security posture. According to the IBM annual threat assessment report, software patching, or the lack of it, emerged as the biggest vulnerability for organizations, as it opens the door for access to bad actors. To put it plainly, these vulnerabilities are known back doors, allowing access to critical infrastructure components. Why would the bad actors mine for credentials in phishing attacks when the back door to your organization is wide open for the taking through these vulnerabilities?
Closing the back door to bad actors requires a disciplined, urgent approach to infrastructure hygiene. Patching is critical to ensure you are running the most recent version of software with the latest security bug fixes. Infrastructure providers and software providers regularly release patches in order to improve their application performance and introduce new features, so organizations have become numb to the release notifications. Most manage patching like many of us do with our tire rotations, “Next time in the shop, I’ll get to it.” It’s time to shift priorities and manage emergency patching for vulnerabilities like a bad tire; it may be inconvenient to change it but going forward on the flat tire can spell disaster.
How do you get behind on patching?
Many leading software companies like Oracle and Microsoft are releasing patches once or twice a month. For busy IT teams, updating software can be a full-time job. When you consider the amount of time it can take to apply and test updates, it is understandable why some organizations get behind on this. More importantly though, organizations may not even realize they are susceptible because they do not know everything deployed in their environment. Maintaining your known inventory is hard enough, let alone dealing with the overhead of tech debt that can expose your organization and really catch you off guard.
It’s fairly easy for hackers to scan for and exploit known vulnerabilities, and information sharing on the dark web between bad actors and nation states has made efforts to exploit these back doors easier than ever. Because of the ability to identify and exploit these back doors, this infection method has surpassed phishing emails and appears to have largely displaced credential theft as the most reliable method for attackers to infiltrate a network.
If a hacker can slide in through an unpatched server or firewall, why would they spend time sending phishing emails to your users hoping for a nibble?
How do you become a target?
As mentioned, an unpatched server is like leaving your back door open. Hackers have the ability to scan for unpatched servers and deploy malware to organizations running vulnerable versions of software. Once a hacker is in your network, the resiliency of your cyber posture is really tested. You can no longer rely on prevention, and you have moved to the next phase of cyber resiliency – your ability to identify the threat, contain it, eradicate it and recover. Your network design is then tested to validate whether you have implemented network segmentation to minimize the damage and allow time for discovery of and response to the threat. For unsuspecting organizations, bad actors can “live” in your network for months, waiting to launch an attack and leverage their position for a variety of exploits, including extortion in addition to ransomware.
With the demand for patching rising rapidly, bad actors are betting on patching fatigue for your IT team. Picture a hockey goalie blocking shots; in spite of a high success rate, it only takes one shot to score, and that’s what the bad actors are counting on. They are scanning healthcare organizations on a regular basis looking for gaps. If your IT support staff has not felt the increased demand for patching and demanded more resource support, it could mean that the patching is not occurring – making you a target.
Strengthening your security posture
With the threat level at its highest and continuing to increase, it is more important than ever to pause and take an honest assessment of your security posture. Much like the best approach to addressing our physical health, engaging an expert is highly recommended to assist in your current assessment and formulation of a plan. As the complexity of threats continues to increase, the controls that may have protected you last year may not be enough for today’s threats. Your organization requires a tailored plan and adoption of a best practice security framework to ensure you can maintain a resilient security posture. (I strongly recommend leveraging NIST resources for your cybersecurity framework and design principles – visit https://www.nist.gov/cybersecurity to get started.)
As it is with physical health, there are some building blocks of your cybersecurity posture that can help mitigate risk and make you a hard target. The old joke of the two guys getting chased by a bear comes into play here; you don’t need to outrun the bear, just make sure you can outrun the other guy!
Specifically addressing the known vulnerability attack vector, having a patching plan in place is a key best practice for closing the door on this type of attack.
In order to keep that vulnerability back door closed, patching must be a priority and performed with urgency. Patching and vulnerability management reduce your exposure by applying crucial security patches and guarding against known malware. Other effective defenses include but are not limited to:
- Cloud services security – Work with IT partners who can offload some of the stress on internal teams, including hosting your enterprise systems. Cloud-based security effectively protects PHI in the event of an attack. With cloud engineers managing system patches, upgrades and maintenance, your team can focus on other priorities that improve the delivery of care.
- Multi-factor authentication – Guards against stolen credentials and prevents bad actors from stealing identities to gain access to your systems.
- Endpoint detection and visibility – Reduces the impact of a phishing or other attack with quick detection and containment. Leveraging a managed detection and response solution not only provides rapid identification of an intrusion, but also includes the staff who watch for these intruders on a 24/7/365 basis and can distinguish real threats from false alarms.
It’s important to emphasize within your organization that everyone, all staff included, plays a role in security. Provide training and educate your teams so everyone is well aware of the threats they face.
Beyond process, strategies and technology, people are the key component to safeguarding your data!
Preparing, responding and recovering is critical in cybersecurity. How does your current security strategy hold up?
To learn more about combatting vulnerabilities and applying risk mitigation, connect with a Netsmart expert today.