[BreachExchange] What is and what isn’t working when it comes to cybersecurity

Destry Winant destry at riskbasedsecurity.com
Thu Jul 6 00:50:33 EDT 2017


http://medcitynews.com/2017/07/isnt-working-comes-cybersecurity/?rf=1

Given technology’s fast-paced, innovative nature, it’s no surprise
that many terms associated with the industry experience a brief shelf
life. Although many of these buzzwords are fleeting, certain terms
like “cybersecurity” have transformed from popular jargon into one of
the most important topics in Internet technology today.

With the average cost of a security breach reaching $4 million in
2016, according to the Ponemon Institute, the concern for strong
cybersecurity is pushing all industries to be mindful as they
innovate. In fact, fears over network security have already begun to
shift the outlook of industries that remain particularly vulnerable,
primarily healthcare.

Cybersecurity Trends: What Isn’t Working?
Traditionally, internet security has largely been placed on connection
networks such as Internet routing and overlay networks. Although these
network options have seen large security improvements within the last
decade, they are still far from providing a truly secure network.
Internet routing, for example, relies heavily on unprotected Border
Gateway Protocol (BGP) security protocols, which primarily work on
networks that operate independently. Furthering this gap in operation
is the lack of an overarching authority to direct BGP security
upgrades, putting network data at risk.

Similarly, encapsulation or overlay networks such as MPLS, IPSec and
VxLAN have experienced multiple challenges with network security.
Network overlays sit on top of IP networks, leading to issues of
interoperability with existing firewalls and other configuration and
scaling issues. Reliance on overlay networks also often leads to
network traffic congestion, which greatly limits the security of the
network.

Cybersecurity Trends: What is Working?
With a growing number of cyberattacks reported daily, strong
cybersecurity is now vital to protect sensitive data at all levels,
and innovative options like session-oriented networks are the
solution. Utilizing a unique two-way exchange of information between
endpoints that flows in both directions, session-oriented networks are
secure, deterministic and context-aware and can stretch across network
boundaries. As a result, the network design is simple, secure and has
zero reliance on overlay routing technology.

Cybersecurity is also contributing to a large shift in the way that
industries are conducting business, as well as how products are
designed. Recent concerns about network security and stability have
encouraged industries to create security-first designs to keep
security at the forefront of all new network architecture. This
security-first design approach is ideal for secure interoperability
and large scalability, creating a safe and more reliable network and
design for all users. What was once considered a simple “risk
management initiative” is now the key factor contributing to what we
now call an “industry-driving approach.”

Cybersecurity in Healthcare
The healthcare industry is one of the most threatened industries
facing frequent cyberattacks. On top of that, it must deal with a
permeation of other cybersecurity concerns, particularly the lack of
skilled IT workers. According to the Center for Cyber Safety and
Education 2017 Global Information Security Workforce Study, by 2022,
there will be a shortage of 1.8 million information security workers.
Combining this shortage with the rapid increase of connected medical
devices and telehealth services is a major concern for healthcare
organizations.

The deficit of skilled IT workers also creates larger compounded
issues for the healthcare industry. A lack of education surrounding
the importance of cybersecurity at all levels is just one example.
With an unclear understanding of network security practices, many
healthcare organizations don’t hold the required skills to make
informed decisions when it comes to choosing between an in-house or a
third-party vendor to handle their network security and
communications. And with Gartner reporting that 50 percent of network
attacks in 2017 are hiding in encrypted traffic, partnering with a
trusted vendor is more important than ever.

Moving Ahead in Healthcare Security
In a 2017 Global State of Information Security Survey, 55 percent of
those surveyed by PwC reported that they collaborate with external
partners to improve security and reduce risks. Although these numbers
have increased by 12 percent since 2013, many organizations are still
struggling to collaborate with a third-party vendor. As healthcare
organizations continue to expand the use of telehealth services, it is
becoming even more vital for the healthcare industry to collaborate
with external partners, and more importantly, to choose the right
ones.

With so many vendors claiming compliance and encryption, healthcare
organizations must be mindful of third-party risk management to keep
protected health information (PHI) secure from cyberattacks. Simply
put, external partners collaborating with healthcare facilities must
hold the same security standard as the healthcare industry, including
regulations such as HIPAA compliance.

Another cybersecurity threat putting all healthcare organizations at
risk is the recent permeation of Internet of Things (IoT) devices
(especially those that are filled with PHI). By 2020, the National
Center for Biotechnology Information predicts that 40 percent of IoT
technology will be health-related and make up the largest portion of a
$117 billion market. With this dramatic increase in IoT devices and
telehealth services, many healthcare networks will struggle to support
the sheer number of access points required for such an increase
without the proper support of a secure network.

Cybersecurity has rapidly become a driving force in all industries. As
the healthcare industry continues implementing innovative services,
namely telehealth, the state of cybersecurity will significantly
impact the future of the industry.

