Healthcare cybersecurity is reactive, must shift to 'proactive threat hunting' says Raytheon
Two-thirds of businesses, including organizations in the healthcare industry, wait until a cybersecurity attack before they engage a security vendor or a managed security services provider, according to a recent Ponemon study commissioned by government contractor Raytheon Foreground Security.
Further, 80 percent of respondents said managed security services are important to their overall IT security strategy, but of these respondents, 84 percent said their managed security services provider doesn't offer proactive hunting services.
"Most managed security services don't provide proactive threat hunting, advanced analytics and incident response as part of their core offerings," said Alison Kidd, executive vice president of sales and marketing for Raytheon Foreground Security. "A select few managed services focus on finding advanced threats that are impacting the healthcare industry today.
"Truly talented resources with advanced cyber capabilities are extremely hard to find and harder to keep," Kidd added. "Therefore, leveraging the right managed security service is a way to extend that advanced talent, expertise and knowledge into the end user enterprise."
Healthcare was one of the most attacked industries in 2015, according to Kidd – but only 10 percent of the budget in healthcare is dedicated to IT security. As a result, tough spending choices are made with 'compliance checkbox security.'
To further complicate matters, the sophistication of cyberattacks is increasing, and there's a lack of cybersecurity staff able to tackle these attacks, Kidd explained.
"Where worms, viruses, and DoS/DDoS were the center of attention roughly four years ago, we're now dealing with nation state attacks, IoT compromises and ransomware," she said. "The game has shifted to be one of complete control, instead of disruption."
To combat this, she recommended that healthcare organizations adopt a posture of risk-based security, which requires a protective barrier around patient data and the systems. Healthcare organizations also need to model cybersecurity based on the human immune system.
"Similar to the human body, you're aware your body (or enterprise) will at some point be compromised; the important factor is how resilient your organization is in order to maintain continuity of operations," Kidd said.
"Organizations need to employ a service that includes proactive threat hunting, which searches for indicators of compromise and infection, while simultaneously remembering the infections you have already expelled," she added.
And to reduce physical theft of data – another threat plaguing healthcare security – the industry needs to employ heavy segmentation and virtualization to eliminate this risk, according to Kidd: "Once your data leaves your premises, you've already lost control of it."
Ponemon Institute surveyed 1,784 information security leaders from 19 countries for its report.