By Jim Cook, Regional Director ANZ, Attivo Networks
The increasing number of cyberattacks against healthcare organisations occurring throughout the world is causing headaches for service providers and making patients nervous.
The attacks aim to steal sensitive data or cause disruption by holding critical systems to ransom. With the healthcare sector now heavily reliant on data and digital processes, it’s an exceedingly worrying trend.
The number of threats that are caused by insiders exacerbates the problem. While not usually malicious in intent, healthcare workers can cause cyber breaches by failing to follow established security protocols. This negligence could be anything from inserting a foreign USB key into a PC to submitting passwords in a public place.
Once inside a network, cybercriminals can then traverse various systems, gathering data or installing rogue software that can prevent legitimate access. The disruption this can cause to the provision of critical healthcare services is immense.
Increasing numbers of healthcare providers are turning to an approach dubbed ‘cyber deception’ to help overcome this growing challenge. As the name suggests, it involves putting tools and items in place that pretend to be other than what they are. These decoys, in turn, trick criminals into making mistakes and revealing their presence within a service provider’s network.
A cyber deception strategy is powerful because it is, by nature, proactive. Where traditional security tools and processes operate in a reactive mode, responding to threats as they occur, deception strategies actively try to uncover incidents and criminal activity.
Vulnerabilities in healthcare
The approach is particularly relevant when you consider that the number of attack surfaces that criminals can exploit is increasing all the time. One of the most concerning within healthcare facilities is the growing number of connected devices in use that attackers can leverage as entry points to the IT infrastructure.
The problem was brought into stark focus during 2019 when news broke of 11 new zero-day vulnerabilities that potentially affect a range of medical devices. Named URGENT/11, the vulnerabilities are particularly concerning as they enable attackers to take over devices with no user interaction required. They can also bypass firewall and NAT perimeter security solutions.
At risk is an array of devices, including patient monitors, MRI devices, SCADA systems, industrial controllers, firewalls, printers, and VOIP phones. The URGENT/1 vulnerabilities can also allow malicious software to propagate throughout hospital and service provider networks.
Healthcare organisations clearly need a new approach to reduce their risk of falling victim to URGENT/11, ransomware, and other forms of cyberattacks. This is where deception technology can play a vital and powerful role.
The power of cyber deception
Cyber deception is an effective security strategy because it helps to level the playing field with the cybercriminal. With deception technology in place, intruders quickly reveal their presence with a simple misstep or mistake.
Intruders now have to navigate traps, lures, and breadcrumbs that force them to guess right every time they move within the network. With one slip up, the deception platform detects attackers and effectively studies them within the deception environment.
Also, once a criminal has engaged, the target organisation’s security team can gather intelligence about their tactics and goals without their knowledge.
Despite its power, cyber deception does not require significant extra staff time to deploy and manage. Automated attack analysis capabilities can provide faster investigation and streamlined incident handling thanks to customisable analysis and response actions.
The high-quality alerts that the solution generates reduce the incidence of false positives and allow security teams to focus and allocate their time and resources more effectively.
Additionally, when the deception technology can analyse attack paths and observe how attackers move laterally within the network, the security team can interweave a decoy fabric to prepare for and better defend against future attacks.
The frequency and intensity of attacks against organisations in the healthcare sector are showing no signs of decreasing anytime soon, which means both staff and patients are facing increasing risks.
Cyber deception allows the deployment of a scalable technology that is capable of delivering accurate, in-network visibility, and early detection across a wide range of attack surfaces.
Once in place, security teams can be confident that they have a much-enhanced capacity to deal with future threats as they appear.