Understanding and Mitigating Cyber Attack Risks in Healthcare
+ destructive
• Malicious software
• Targeted attacks
• Data theft and insider leaks
Business impact
• $8.9M average annual spend to protect from, detect, and recover from attacks
• 1.8 successful attacks experienced every week
• $165B cumulative cybersecurity spend by 2023
http://www.norse-corp.com/HealthcareReport2014.html
http://www.nist.gov/cyberframework/index.cfm
HIPAA Breach Summary
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
90,196
Continuous Monitoring
http://www.microsoft.com/security/cybersecurity/default.aspx#!Overview
http://download.microsoft.com/download/7/2/3/723a663c-652a-47ef-a2f5-91842417cab6/Establishing_End_to_End_Trust.pdf
http://aka.ms/CSRT
http://aka.ms/securitytrendshealthcare
The security trends that are identified in this report result from anonymized data that was collected from 12,000 respondents to a survey that was conducted during the period of November 2012 to February 2014. The trends are representative of a worldwide sample.
Security Trends in Healthcare
• Server Sprawl caused by dedicating servers to single applications
• Data Center Downtime Costs approximately $5,600 per minute
• Security and Compliance is considered among the top concerns for IT
• Infrastructure Complexity caused by multiple disparate systems, making management difficult.
• 70% of IT budget is spent maintaining inflexible and siloed data center equipment
Cloud Provisioning and Deprovisioning
• Infrastructure
• Servers
• Virtual machines
• Applications and services
Monitoring and Remediation
• Infrastructure
• Servers
• Virtual machines
• Applications and services
Maintenance and Patching
• Infrastructure
• Servers
• Virtual machines
• Applications and services
Security and Disaster Recovery
• Infrastructure
• Servers
• Virtual machines
• Applications and services
Service Management, Compliance, and Reporting
• Service catalog
• Reporting
• Change management
• Capacity management
• Internal Manual Processes
• Internal Outsourced Processes
• Custom Scripts
• Vendor-specific Tools
• Lack of: Consistency, compliance
• Lack of: Consistency, compliance, know-how
• High customization costs to support heterogeneous technological landscape
• Lack of: Standards, Unified Management, Consolidated Error Handling
Current Environment and Issues
Event Management
Service Desk
Asset/CMDB
Configuration/IDM
Virtual
Security
Storage
Server
Network
Incident Response
Change & Compliance
Provisioning
Application Service Monitoring
VM Lifecycle Management
Automated data center
http://www.microsoft.com/en-us/server-cloud/products/system-center-2012-r2/
http://www.microsoft.com/services
Microsoft Cloud Transformation
Making Cyberworld Secure
20+ Data Centers
Trustworthy Computing Initiative
Security Development Lifecycle
Global Data Center Services
Malware Protection Center
Microsoft Security Response Center
Windows Update
1st Microsoft Data Center
Active Directory
SOC 1
CSA Cloud Controls Matrix
PCI DSS Level 1
FedRAMP/FISMA
UK G-Cloud Level 2
ISO/IEC 27001:2005
HIPAA/HITECH
Digital Crimes Unit
SOC 2
E.U. Data Protection Directive
Operations Security Assurance
HITRUST
Processes: Best practices to ensure safe design and operation of data centers and cloud services
People: Best-in-class security professionals
Technology: Leading edge security and privacy technology, across the cloud stack
Take a proactive approach against the expanding threat landscape
• Security embedded in systems and software (SDL)
• Predictable operations and security controls through OSA
• “Assume breach” strategy
• Deep understanding of new threats and attack vectors
People: Best-in-class security professionals
Technology: Leading edge security and privacy technology, across the cloud stack
• Centralized monitoring and logging
• Sophisticated intrusion detection controls
• Anti-virus and anti-malware
• Patch management
• Protected networks
• Encrypted data
• Incident response team works 24/7
• Redundant, resilient backup
• Integrated teams of security specialists
Threat and vulnerability management, monitoring, and response
• Network perimeter: Edge routers, intrusion detection, vulnerability scanning
• Internal network: Dual-factor authentication, intrusion detection, vulnerability scanning
• Host: Access control and monitoring, anti-malware, patch and configuration management
• Application: Secure engineering (SDL), access control and monitoring, anti-malware
• Data: Access control and monitoring, file/data integrity
• User: Account management, training and awareness, screening
• Facility: Physical controls, video surveillance, access control
http://aka.ms/OSA
Assume Breach
• War game exercises
• Live site penetration testing
• Centralized security logging & monitoring
Prevent Breach
• Threat model
• Code review
• Security testing
Assume breach identifies & addresses potential gaps
• Scope ongoing live site testing of security response plans to drastically improve mean time to detection & recovery
• Reduce exposure to internal attack (ensuring once inside, attackers do not have broad access)
• Periodic environment post breach assessment & clean state
The Red Team is a dedicated adversary (a group of ethical hackers) performing targeted and persistent attacks against our Microsoft Online Services (Microsoft’s own properties).
The role of the Red Team is to attack and penetrate environments using the same steps as an adversary’s kill chain:
http://go.microsoft.com/fwlink/?linkid=518599&clcid=0x409
Key metrics captured when Red Team performs their breaches:
• Mean Time to Compromise (MTTC)
• Mean Time to Privilege Escalation or “Pwnage” (MTTP)
The Blue Team is comprised of either a dedicated set of security responders or members from across the security incident response, Engineering and Operations organizations. Regardless of their make-up, they are independent and operate separately from the Red Team.
When an adversary, such as a Red Team, has breached an environment, the Blue Team must:
http://go.microsoft.com/fwlink/?linkid=518599&clcid=0x409
Key metrics evaluated by the Blue Team include:
• Estimated Time to Detection (ETTD)
• Estimated Time to Recovery (ETTR)
• War game exercises
• Blue teaming
• Red teaming
• Monitor emerging threats
• Execute post breach
• Insider attack simulation
All organizations can benefit from adopting similar security strategies for combatting emerging and evolving threats
http://go.microsoft.com/fwlink/?linkid=518599&clcid=0x409
ISO 27001:2013 and ISO 27018 Yes Yes Yes Yes
HIPAA BAA Yes Yes Yes Yes
FDA Title 21 CFR Part 11 Yes Yes Early evaluation No
HITRUST Yes No Early evaluation No
FedRAMP P-ATO Yes Yes In Process N/A
EU Model Clause Yes Yes Yes Yes
Article 29 WP Yes Yes Yes Yes
PCI DSS N/A Yes N/A N/A
UK G-Cloud Yes Yes Yes In Process
SOC 1 Type 2 - (SSAE 16 / ISAE 3402) Yes Yes Yes Yes
SOC 2 Type 2 - (AT Section 101) Yes Yes In Process Yes
• Enable customers to meet global compliance standards in ISO 27001, EUMC, HIPAA, FEDRAMP
• Contractually commit to privacy, security and handling of customer data through Data Processing Agreements
• Admin Controls like Data Loss Prevention, Archiving, E-Discovery to enable organizational compliance
ISO/IEC 27018 (ISO 27018), an extension of ISO 27001, strengthens data privacy by adding key protections for sensitive customer information stored in the cloud.
Published July 30, 2014 by the International Organization for Standardization (ISO), it sets forth guidelines for cloud service providers concerning Personally Identifiable Information (“PII”).
ISO 27018 is a code of practice governing the processing of personal information by cloud service providers. It outlines a stronger, industry-wide framework of six key principles under which a CSP must operate:
1. Consent. Cloud providers must not process the personal data they receive for purposes independent of the instructions of the customer, and they must not use that personal data for advertising and marketing unless expressly instructed to do so by the customer. Moreover, it must be possible for a customer to use the service without submitting to such use of its personal data for advertising or marketing.
2. Control. Customers have explicit control of how their information is used.
3. Transparency. Cloud providers must inform customers where their data resides and make clear commitments about how that data is handled.
4. Accountability. The standard asserts that any breach of information security should trigger a review by the service provider to determine if there was any loss, disclosure, or alteration of PII.
5. Communication. In case of a breach, cloud providers should notify customers and regulators, and keep clear records about the incident and the response to it.
6. Independent and periodic audit. A successful third-party audit of a cloud service’s compliance with 27018 documents the service’s conformance with the standard, and can then be relied upon by the customer to support their own regulatory obligations. To remain compliant, the cloud service provider must subject itself to periodic third-party reviews.
• Run Latest Microsoft & Third Party Products
• Implement Good Patch Management Practices
• Align Active Directory to Current Threat Environment
• Assess Threats & Countermeasures of the IT Infrastructure and Operational Practices
• Implement Secure Software Development Practices
• Apply Security Practices During all Phases of Development
Address Cybersecurity at its Foundational Roots
03.02.14
Value Added Product Offerings
Bitlocker / Azure Rights Management / Microsoft Identity Manager / Azure AD
Services
PhoneFactor and Multi-factor Authentication
Protect Microsoft & Showcase Learnings
Remote Security Incident Report
Online Security Incident Response
Advisory Services
Security Solutions & Consulting
Advanced Tools & Technologies
MCS Cybersecurity Services
http://www.microsoft.com/security/online-privacy/default.aspx
Top-35 Cyber Mitigations
‘Mitigating PtH Attacks and other Credential Theft Techniques’
EMET
www.microsoft.com/sir
www.microsoft.com/sdl
www.microsoft.com/twc
blogs.technet.com/security
www.microsoft.com/trustedcloud
Microsoft Health - www.microsoft.com/health
© 2014 Microsoft Corporation. All rights reserved. The information herein is for informational purposes only and represents the current view of Microsoft
Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a
commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
• Modernize health LOB applications
• Storage of patient data in the cloud
• Mobile health worker
• Business analytics on medical data
• Medical imaging in the cloud
• EMR in the cloud
• Health application access anywhere
• IoT: human and ambient sensors
• Medical and clinical research
www.microsoft.com/health