According to Cybereason, a provider of prevention, detection, and response cybersecurity tools, incident response plans can help healthcare security teams mobilize when incidents occur.
WHY IT IMPORTANT
According to the Organization at Risk 2022: Ransomware Attackers Don’t Take a Holiday, the lack of contingency plans coupled with staff cuts at security operations centers (SOCs) has led to time longer investigation and response times as well as increased costs.
Launched last year, the annual global study looks at the impact of cyberattacks occurring on holidays and weekends. Cybereason conducted an online survey of cybersecurity teams that experienced one or more cyberattacks over the weekend or holiday in the United States, United Kingdom, Germany, France, Italy, the United Arab Emirates, and the United Kingdom. United Arab Emirates, South Africa and Singapore in September and October.
When asked about the type of security incident that SOC teams most often try to solve, nearly half (49%) of respondents said it was ransomware. Supply chain attacks (46%) and targeted attacks (31%) are also considered the most frequent attack types.
Of those surveyed – more than 1,200 cybersecurity professionals working in companies with more than 700 employees – 88% said they missed out on holiday celebrations or weekend events due to hacking. fair ransomware.
Across industries, however, 44% of respondents said their SOC had 33% fewer employees during this time.
Although the survey involved several security operations groups across industries, 30% of healthcare SOC groups said it took longer to assess the scope of an attack. public on weekends or holidays.
Healthcare SOC respondents said it took their organization three to six days (21%), one to two days (19%) or seven to 23 hours (15%) to resolve calls. ransomware attack.
Only educational SOC teams are more likely to report a resolution timeframe of one to six days.
Cybereason recommends that all industries explore HR models that can improve incident response – bringing consensus to the healthcare cybersecurity industry.
“Look to hospital emergency rooms and other emergency response organizations to find models,” the agency said.
Additional recommendations include:
- Determine the optimal staffing for weekends and holidays.
- Create a managed detection and response strategy to augment existing employees with third-party coverage.
- Lock privileged accounts, do not use at off-peak hours.
- Implement quarantine measures for detected intrusions to prevent spread.
- Upgrade to next-generation antivirus (NGAV) protection with behavior-based tools that scan networks and identify ransomware attacks at the earliest .
Across industries, 38% of respondents are planning to implement new ransomware-specific detection capabilities while 31% are taking steps to strengthen staff so their organization can react faster to attacks.
Among healthcare respondents, 55% have upgraded to NGAV.
TREND TO BIGGER WOMAN
Taking advantage of known vulnerabilities is not new to cybercriminals. During the COVID-19 pandemic, hospitals and healthcare systems have become prime targets for phishing techniques that are difficult to detect due to rapid IT deployment, new telehealth programs eye, the platform has not been tested, and employees are switching to a work-from-home model.
And despite the promise of a “ceasefire” early in the pandemic, the bad guys were quick to target vaccine developers and other organizations trying to respond to the challenges of COVID-19.
Robert Capps, vice president of market innovation at NuData Security, said: “While there’s no way to completely stop the ransomware threat, organizations can stop ransomware attempts from affecting them. to their business by implementing a multi-layered security approach to prevent future threats.” Healthcare IT News.
Advances in artificial intelligence are also driving cybersecurity programs.
“If a next-generation firewall or anti-virus system incorporates AI or behavioral monitoring information, assets exhibit anomalous behavior – infection signatures, traffic,” said Robert LaMagna. abnormal, unusual – can be automatically placed in an isolation group, removed from network access”. Reiter, senior director of information security at First National Technology Solutions, a managed IT services company.
ON PROFILE
“It’s not surprising that SOC teams are very active on holidays and weekends: Security professionals are experiencing record levels of burnout plus shortages,” Cybereason said in the new report. enduring global talent and relentless competitors.”
The HIMSS 2022 Healthcare Cybersecurity Forum takes place on December 5 and 6 at the Renaissance Boston Waterfront Hotel. register here.
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS.
