Dominic Trott: A Resilience-based Cyber Strategy is Needed
In today’s digital landscape, the healthcare industry is one of the sectors most at risk from continued cyber threats.
In the wake of the recent global IT outage, thousands of healthcare workers were unable to access appointment information for patients, leading to cancellations and widespread confusion.
Likewise, in June 2024, some London hospitals encountered an overwhelming ransomware attack linked to Synnovis, a provider of pathology services, that wreaked havoc on clinical services and led to 1,130 planned operations and 2,190 outpatient appointments being postponed.
At a time when hospitals are facing significant pressures to deliver a high level of service, especially after the COVID-19 pandemic, increasingly sophisticated cyber threats seek to disrupt this landscape. Cyberattacks can be disastrous not only for healthcare workers, but also for patients who heavily rely on IT systems to access information.
To mitigate this, cybersecurity strategies will need to be more stringent. With this in mind, Cyber Magazine spoke with Dominic Trott, Director of Strategy and Alliances at Orange Cyberdefense UK, about the impact of malicious activity targeting the healthcare sector.
In this exclusive interview, he shares what aspects of cybersecurity often get overlooked and explains what is meant by a resilience-based cyber strategy.
Why are cybercriminals increasingly targeting the healthcare sector?
Through the COVID-19 crisis, and until recently, threat actors avoided the healthcare sector, as if a ‘moral or ethical agreement’ existed among these cybercriminals. There appeared to be a tacit understanding that threat actors would not put lives at further risk during a time when the healthcare sector was under unprecedented strain.
However, it appears that this approach towards (not) exploiting the healthcare sector has changed. For example, our threat research indicates that the healthcare sector is experiencing the largest growth in victims of any industry, with a recorded increase of 160% in the last twelve months.
Additionally, our research shows that threat actors are now casting their net as wide as possible and exploiting all vulnerabilities regardless of the organisation’s context. The impact of this is accelerated because healthcare is a large sector, representing a large volume of sensitive data to be targeted and exploited for multiple purposes.
Are there any aspects of the cybersecurity process that are overlooked or under-prioritised? How can businesses fix these?
A ‘first principles’ approach would suggest that organisations should first look at their approach to security in terms of people, processes and technologies. A good starting point would be to consider consulting a standard or framework such as Cyber Essentials or ISO 27001. This will guide basic cyber security approaches such as firewalls, secure configuration, security updates management, user access control, and malware protection. It will also offer guidance to help ensure they are deployed, configured, updated, managed and integrated correctly.
However, as well as their approach to security, organisations must think about the broader ecosystem in which they operate. Businesses can make the mistake of overlooking the key role of third-party risk management in their cybersecurity strategy.
To address this, businesses should first map out the profile and risk posture of third parties to understand the specific challenges that each supplier represents, which can support procurement decisions and remediation.
Additionally, organisations may wish to consider using specialist technology to support third-party risk management further. These tools can identify the profile and risk posture of third parties, helping to understand the specific challenges that each supplier represents. This can in turn be used for follow-on actions such as supporting procurement decisions or even identifying remediation steps.
In the wake of the recent IT outage that impacted the healthcare sector, what lessons can be learned to minimise future disruption?
To minimise future disruption, organisations must employ cyber resilience principles and first put in place the right people, processes, and technologies to help ensure that even in the face of a cyber incident, the core activities of the business can continue operating and that they can return to ‘business as usual’ as fast as possible.
Furthermore, the implementation of updated technology and security controls, with the development of a robust cybersecurity program, are all likely to go a long way towards offering better preparedness to mitigate future ransomware attacks and third-party breaches.
Explain some of the benefits of a resilience-based cyber strategy. How can businesses best bolster their cyber resilience strategies and better prepare for inevitable cyberattacks?
A resilience-based cyber strategy ensures businesses can return to ‘business as usual’ as fast as possible, reducing further operational damage. By focusing on cyber resilience, cyber threats can be avoided or minimised as they can be more effectively contained, with the causes identified and the incident remediated. The value of resilience can be seen following recent outages that have had global impacts.
As well as the more procedural elements of cyber resilience, there are some technical recommendations that can be made to, for example, embrace the principles of standards and frameworks such as NIST and contribute towards upcoming regulatory compliance such as CER, NIS2, DORA and the UK’s Cyber Security and Resilience Bill. Being able to roll back to a previously safe state is becoming increasingly valuable as the number of cyber victims continues to rise.
This will likely drive demand for endpoint and network detection and response solutions, as well as data protection and back-up.
Cyber Magazine is a BizClik brand