The Cyber Threat Landscape and Risk Mitigation Strategies for Hospitals and Nursing Homes
JoEllen Frain
Agenda
• Understand the who behind cybercrime
• Understand what they are after
• Understand what role we as individuals and as an organization play in protecting our data and ourselves from this criminal activity.
TECHNOLOGY HAS CHANGED US…
CYBER CRIME HAPPENS EVERY DAY …the threat to you and to your organization is real
NATION-STATE: Cyberterrorism, hacktivist, IP
SYNDICATED CRIME: Access data for sale
INSIDER THREAT: Personal gain
OURSELVES: Mixed data, lack of awareness
THE INTERNET OF THINGS: …more devices than people
Changing Threat Landscape
Then…                                        Now…
Perimeter defense                            Defense-in-depth
Fantasy of 100% compliance with zero-risk    Transparent information risk management
System focus                                 Data focus
Assume the inside is secure                  Monitor everything
Security control focus                       Security culture focus
• “There are a couple of highways the attackers like to use. Blocking those slows them down. Attempting to block all possible paths is a fool’s game.”
Source: 2016 Verizon Report
How Do We Get There
• Alignment with NIST-CSF (National Institute of Standards and Technology – Cybersecurity Framework)
https://www.nist.gov/topics/cybersecurity
Device Management
• Identify and document all networked devices
• Asset inventory is critical to understand your threat landscape
• Medical devices are often connected but not part of the inventory
• Supply Chain and IT are key to this work
• Stay up to date on software updates
• Define accountability and timeframes
• Have a process for being informed of and acting upon off-cycle software updates
• Hold the vendors accountable
• Use vendors who have demonstrated ability and commitment to updating and securing their product
https://nhisac.org/
Heard it on the News
Ransomware
Ransomware in Healthcare
• Why is healthcare being targeted?
• Healthcare information is valuable
• Technology lags other industries
• Dependency on real-time access to information
Ransomware
• WannaCry
• Microsoft issued a patch for the vulnerability 3/14/17
• WannaCry is launched 5/12/17 – infects unpatched Windows systems
Secure the People
• In cyber security the weakest link is most often the end user
• Ensure your staff are equipped to recognize the risk and respond appropriately
https://securingthehuman.sans.org/resources
Business Case
• It is estimated that over 156 million phishing emails are sent on a daily basis, with 80,000 falling victim*
• The sophistication of these types of attacks constantly evolves and improves, bypassing the technology that is meant to stop them
• Activating the “Human Sensor” is a low-cost but highly effective way to increase your security posture (for prevention, detection and reduction in time to remediation)
*IT ProPortal
Proactive Phishing Overview
• Proactive Phishing began in Sept 2015
• Objectives
  – Increase good security behaviors among staff
  – Decrease susceptible email behavior
  – Encourage users to report all suspicious emails
Proactive Phishing Overview
• Campaigns were inclusive of 65k+ employees/students
• Third party vendor (PhishMe) was the partner for conducting campaigns
• Campaigns were standard campaigns that could be benchmarked against other organizations
• Project included endorsement from various governance groups
Proactive Phishing Overview
• Trending data is available on susceptibility rates, reporter rates and no-action rates.
• Susceptibility Rates = individuals who have fallen victim because they clicked on a link or opened an attachment within the simulated training exercise.
• Reporter Rates = individuals who have identified the simulated training exercise as suspicious, did not click any links or attachments and have reported the email using the Report Phishing button.
• Did Nothing Rates = individuals who have not reported or fallen victim to the simulated training exercise.
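The three campaign metrics above can be computed from per-recipient event records. The following is an added example, not code from the deck or from PhishMe; the event format and sample data are constructed here, and a recipient who both interacted and reported is counted as susceptible, following the deck's rule that a reporter "did not click any links or attachments".

```python
from collections import defaultdict

# Constructed sample of simulated-phishing campaign events (not data from the
# original deck). Each event is (user, action); actions are "clicked",
# "opened_attachment", "reported" (via the Report Phishing button) or
# "delivered" (email arrived, no further action recorded).
SAMPLE_EVENTS = [
    ("alice", "delivered"), ("alice", "reported"),
    ("bob", "delivered"), ("bob", "clicked"),
    ("carol", "delivered"),
    ("dave", "delivered"), ("dave", "clicked"), ("dave", "reported"),
    ("erin", "delivered"), ("erin", "opened_attachment"),
    ("frank", "delivered"), ("frank", "reported"),
]

# Actions that make a recipient a "victim" of the simulated exercise.
VICTIM_ACTIONS = {"clicked", "opened_attachment"}


def classify_recipients(events):
    """Bucket each recipient into exactly one of the deck's three categories.

    Susceptible: interacted with a link or attachment (a later report does not
                 undo the interaction, so such users still count here).
    Reporter:    reported via the button and never interacted.
    Did nothing: neither reported nor interacted.
    """
    actions = defaultdict(set)
    for user, action in events:
        actions[user].add(action)
    buckets = {"susceptible": set(), "reporter": set(), "did_nothing": set()}
    for user, acts in actions.items():
        if acts & VICTIM_ACTIONS:
            buckets["susceptible"].add(user)
        elif "reported" in acts:
            buckets["reporter"].add(user)
        else:
            buckets["did_nothing"].add(user)
    return buckets


def campaign_rates(events):
    """Return (susceptibility, reporter, did-nothing) rates as fractions of recipients."""
    buckets = classify_recipients(events)
    total = sum(len(b) for b in buckets.values())
    if total == 0:  # empty campaign: avoid division by zero
        return 0.0, 0.0, 0.0
    return tuple(len(buckets[k]) / total
                 for k in ("susceptible", "reporter", "did_nothing"))
```

Because every recipient lands in exactly one bucket, the three rates always sum to 1, which is a useful sanity check when trending campaigns against each other.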
Security Awareness Module
• Launched February 2016
• General Information Security Awareness Module launched to 65,000
• Focused on raising awareness of the threat and highlighted phishing awareness
• 97% completion rate by March 2016
We all have a role to play to protect our information
©2013 MFMER | slide-28
BEHAVIOR CHANGE
ONLINE… it’s always phishing season
Phishing
• Deceitful emails designed to capture personal information from the recipient
• Coax recipient to click on a link, open a document or submit credentials
• It is estimated that 85%-95% of all cyber breach incidents begin with a phishing email
HOW TO REPORT
• PhishMe button deployed to all Windows workstations
• Click any time you suspect a phishing attempt
Outcomes
• First report from end user was 2 minutes after first email arrived; 11 people interacted
• 200 total reporters
• Security Operations Center was able to determine the email was malicious
• Immediately blocked the malicious link
• Removed remaining emails from end user mailboxes
• Identified 11 users who had interacted with the link for remediation
Business Case
• Decreases the risk of end users interacting with suspicious emails
• Increases the ability for the organization to identify the threat before harm
• Decision on the up-front preventative cost vs. the cost of remediation or a breach
• Be consistent in the plan and use the data to track the risk reduction to the organization
Assess, Plan and Practice
• Perform risk assessments to gain an understanding of where your vulnerabilities are.
• Understanding your weak spots helps prioritize where to focus first
• Have a plan in place if/when you are the victim of an intrusion
• Understand in-house capabilities vs. where you would need to augment
• Practice the plan
• Table top exercises are invaluable in preparation
https://staysafeonline.org/
Questions