Cyberthreats: Stay Ahead of Them with a Proactive Strategy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Security & Risk Strategy
03:00 PM
Karin Ratchinsky, director of healthcare strategy, Level 3
Karin Ratchinsky, director of healthcare strategy, Level 3

Cyberthreats: Stay Ahead of Them with a Proactive Strategy

To mitigate the risks presented by more aggressive cyberthreats, organizations need to get out in front of those threats.

Nearly every industry has been deemed “most breached,” “most hacked,” or “biggest security target.”

Of course, they can't all hold the unfortunate title, but financial services, retail, healthcare, and even media and entertainment are all experiencing the intense pain that sophisticated cyberthreats can inflict upon operations. These pain points cannot be traced back to a single source, but to a convergence of factors: accelerating digital transformation across industries, evolving threat types, and a general lack of investment in comprehensive security practices and tools.

With the rise of “smart” digital integration, or what some people are calling “Industry 4.0,” this pain will become more acute. Attackers could conceivably disable manufacturing facilities or hold a crucial piece of intellectual property hostage, leading directly to millions in lost revenue and inestimable damage to brands and their competitive edge, or much worse, impact to critical care. The WannaCry ransomware attack earlier this year, for example, took down healthcare systems in the UK, forcing hospitals that rely extensively on electronic health records to literally reroute patients requiring emergency services.

Past strategies have too often focused on cleaning up consequences rather than getting out in front of threats, and the damages are proving even more extensive. To mitigate these risks, organizations need to adopt a proactive approach to cybersecurity.

Understanding the problem

A clear indicator that current approaches to cybersecurity aren’t working is how little attack strategies have changed over the past decade. While hackers have identified a plethora of new vulnerabilities, they exploit them using methods that have been on our radar for years.

Spear and net phishing, which have been around for at least 15 years, are becoming a source of fear for even average computer users. Despite that, up to 30% of phishing messages are opened and downloaded now that social media and sophisticated fake websites can be used to build trust and establish authenticity.

Not only has the quality of attacks increased, but so has the quantity. Encryption and bitcoin make it easy to extort money directly from victims, prompting scores of criminal elements to migrate to cybercrime. The number of attacks on businesses tripled over just nine months in 2016, and 20% of those who paid ransom never regained access to their data, according to one study. The rate is likely much higher.

A solid backup strategy would reduce threats and control costs at the same time, rather than forcing companies to decide between losing critical information or paying attackers.

Hollywood Presbyterian Medical Center learned this lesson the hard way, ultimately paying a hacker $17,000 to unlock its systems. The center could have wiped and refreshed with limited loss of information if it had been prepared with regular system backups.

Adopting a proactive approach

An effective approach to cybersecurity requires more than a statement of intent. Stakeholders must put explicit plans and programs in place and invest the necessary resources in three primary areas:

1. Develop a culture of security

Making cybersecurity a fundamental part of your operations means engaging in comprehensive employee training and testing, giving security personnel a strategic seat at the table, and making security a priority on the management team's agenda. Too many companies make minor efforts at improvement and then presume their security is ironclad. Measure progress by launching dummy phishing attacks to set a baseline and to test, over time, how secure your infrastructure and users are becoming.

2. Survey and inventory vulnerabilities

Do you know what sensitive or protected data you have and where it's stored? Look for every possible weakness, from systems to connected devices. Prioritize the most troubling vulnerabilities and develop a plan of action to address each. Netflix excels at self-assessment with its Chaos Monkey protocol: Production servers are randomly shut down during business hours, essentially manufacturing disruptions from within. As a result, engineers are forced to become hyperaware of building redundancy into the infrastructure.

3. Articulate response strategies

Disorganization only amplifies the consequences of an attack. Before you get hit, identify the chain of command, locate your support resources, and outline a crisis response plan based on the type of attack. Planning for contingencies is difficult, which is why only 25 percent of businesses do it. The goal, however, is to guide your staff in how to support a rapid crisis response. This is essential for all companies.

The promise of digital transformation is vast; however, so are the potential security exposures. It's critical for organizations to prioritize security as an integral part of their business strategy and to ensure it is adequately resourced. Companies that do so are the leaders that will not only survive, but also thrive.

Karin Ratchinsky, Level 3
Karin Ratchinsky, Level 3

Karin Ratchinsky, director of healthcare strategy at Level 3, is an author, speaker and contributor to the health IT community. Karin provides expert industry insight on trends in health IT, and emerging care delivery strategies.

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll