[BreachExchange] The inside man: your biggest risk may be closer than you think

Mon Nov 7 18:56:21 EST 2016

http://www.information-age.com/biggest-risk-closer-than-you-think-123463075/

The UK’s healthcare sector is responsible for protecting some of the
country’s most sensitive personal information and thanks to the rise of
connected healthcare, brought about by advances in the likes of wireless
devices, sensors and wearable technology, the amount of data being handled
is rapidly growing.

It is being spread increasingly far and wide, often outside the perimeter
of the corporate firewall.

The business of healthcare has drastically changed in a short amount of
time. As such, cyber security is fast becoming one of the biggest concerns
for the healthcare industry, with more pressure than ever before to
minimise the damage associated with a data breach.

This can be a daunting task for digital healthcare providers in particular,
given the nature of the information they deal with.

While addressing the fear of coming under external attack is an important
part of the puzzle, for many data breaches the risks lie much closer to
home.

Insider threats can result from human error or intentional theft, but both
are equally damaging for health professionals that aren’t prepared.

In today’s digital world, users need access to a myriad of critical
systems, applications, and data in order to do their jobs. This can be
particularly challenging for large provider organisations, where users have
multiple roles.

This makes it nearly impossible for organisations to ensure that each
individual has the right access.

This is complicated further when you consider how the IT landscape now
encompasses a hybrid approach of on premise and cloud-based applications,
as well as mobile environments. It calls for an increasing need for
visibility and control across an organisation’s users and their activity.

At the same time, hackers have moved on to the human attack vector
(employees, contractors, partners and even suppliers).

In many cases, a legitimate identity is knowingly or unknowingly hijacked
for illicit purposes.

In order to prevent or minimise data breaches tied directly to insiders,
organisations must take a user-centric approach to security.

By leveraging strong, governance-based controls for managing access to
sensitive information, or by putting identity and access management (IAM)
at the center of the security strategy, organisations can ensure they have
a single, unified view into and automated control over all user access,
minimising their risk of insider threats, sabotage or fraud.

With growing scrutiny around protecting access to private and personal
health information it is essential that businesses ensure their users have
the right access at the right time to perform their work, and that access
can be automatically revoked when it is no longer needed.

At the same time, when an identity-based breach does occur, organisations
need to ensure they have the visibility to understand where they are
exposed and how to address that quickly.

While prevention is, of course, still crucial, there are definitive steps
that can be taken to increase resiliency and potentially reduce the
negative impact of a breach when it does occur.

Those that don’t shift to a user-centric view of security could be leaving
not only their patients and customers exposed to incredible risk, but their
business too; inadvertently providing fuel for the fire and joining the
growing list of data breach headline-hitters.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161107/752ba18f/attachment.html>