Cyber security

WANNACRY’S 1YR ANNIVERSARY SHOULD SEE US PROTECTING HEALTHCARE FROM HACKERS: BLACKBERRY

BlackBerry Enterprise VP Shantanu Srivastava has warned that ransomware and other types of attacks will continue to expand and become more sophisticated, leaving crucial sectors such as healthcare at greater risk.

Article Access

Please note that Telecom Times is a wholly independent startup venture. Feel free to show your support for free, unfettered telecoms journalism by making this payment to access Telecom Times content. Your support is much appreciated.

A$4.50

“Healthcare is the sector where the consequences of a cyber-attack are most life threatening, hence [this is] why healthcare organisations should really make cyber security and data protection a priority,” said Srivastava.

“According to the latest reports from the Office of the Australian Information Commissioner, nearly a quarter of data breaches reported under Australia’s new mandatory data breach regime took place in the healthcare sector,” he said. There is a real issue here and we see many healthcare organisations still lacking IT basic security”

Srivastava said with stretched budgets, IT teams were too often short on the resources required to conduct manual patching up in an environment where basic security practices are being forgotten.

“The lack of IT security awareness is in stark contrast with the number of technological advances we’ve witnessed in healthcare in recent years,” he emphasized. “We’re seeing a gradual increase in the number of connected medical devices being used to deliver better patient care, however these are also making life easier for hackers with more entry points to exploit.”

Srivasav also said healthcare organisations’ increasing vulnerability to cyber-attacks wa worrying news “for a sector that handles some of our most private information.”

“Healthcare is the sector where the consequences of a cyber-attack are most life threatening, hence why healthcare organisations should really make cybersecurity and data protection a priority,” he said.

o “According to the latest reports from the Office of the Australian Information Commissioner, nearly a quarter of data breaches reported under Australia’s new mandatory data breach regime took place in the healthcare sector. There is a really issue here and we see many healthcare organisations still lacking IT basic security”

o “With stretched budgets, IT teams are too often short on the resource required to conduct manual patching and up in an environment where basic security practices are being forgotten”.

o “The lack of IT security awareness is in stark contrast with the number of technological advances we’ve witnessed in healthcare in recent years. We’re seeing a gradual increase in the number of connected medical devices being used to deliver better patient care, however these are also making life easier for hackers with more entry points to exploit”.

o “Healthcare organisations increasing vulnerability to cyber-attacks is worrying news for a sector that handles some of our most private information.”

· Prevention better than cure

o “It’s a no-brainer that prevention is better than cure: it costs more to recover from a hack than to proactively prevent it from happening. This is both from a financial standpoint (where records and critical business or financial data can be held at ransom) and a productivity point of view (it’s much more stressful to recover from a hack than to work at maintaining security on a day-to-day basis)”.

o “Businesses should take a holistic approach to limiting their exposure and vulnerabilities in terms of network security. This includes ensuring all operating systems and virus definitions are kept up to date.”

o “The bigger challenge is that the process of patching has barely changed since 1995, meaning there can be extensive downtime for large organisations with complex networks. This leads to patching not taking place as quickly or as often as it should.”

o “The solution lies in the industry and vendors looking at alternative methods which kill off bad processes and patch in an ongoing synchronous manner rather the current asynchronic process involving a download to allow the patch to run and reboot machines.”

o “It’s also important to have in place effective disaster recovery techniques such as keeping critical data backed up in a separate location, segregating data and the principle of least privilege.

o “If you have your data backed up, there’ll be no need for you to pay up. WannaCry was a self-replicating virus, meaning it managed to quickly spread itself across connected computers. Storing backups in an isolated location would’ve prevented backup data from being encrypted as well.”

· Next steps

o “A one-size approach will not suit all. Security processes must match the nature of each organisation.”

o “There is a need to expect the unexpected, as no one knows when the next attack will be. But you can be prepared as vulnerabilities are published regularly and WannaCry was a known problem for several months”.

o “Organisations in sectors such as healthcare but also other critical industries such as financial services, telecommunications and government need to stay updated, be proactive with IT security and continue to learn from mistakes. It’s not a fail-safe strategy, but it is our best bet in deferring unwanted hackers”.

 

Categories: Cyber security, ICT

Tagged as:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.