Treat Cyber Like a Disease
•Download as PPT, PDF•
0 likes•356 views
Approaching cybersecurity with a different mindset can help make an organization more secure.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Treat Cyber Like a Disease
Similar to Treat Cyber Like a Disease (20)
More from SurfWatch Labs
More from SurfWatch Labs (12)
Recently uploaded
Recently uploaded (20)
Treat Cyber Like a Disease
- 1. How to Treat Cyber Like a Disease: Through Familiar Data Collection and Analysis Approaches
- 2. Today’s Speaker 2 Jason Polancich Founder & Chief Architect SurfWatch Labs
- 3. POLLING QUESTION How do you know what your specific cyber risks are? (Select the most appropriate answer) A. Threat data feed B. SIEM C. Managed service provider/consultants D. Internally research cyber threats E. We don’t know 3
- 4. Notice Anything Wrong Here? 4
- 5. Too Many Threats, Too Many Wide Open Doors 5
- 6. Do You Know It’s Coming? Healthcare Targets Have Been “Low Hanging Fruit” for Cybercriminals •Large health insurers •Local dentists •Specialized healthcare IT consulting firms •Hospital chains •Plastic surgery clinics •Small regional hospitals •Dialysis center chains •Small insurance claims processing shops 6
- 7. Dark Web: Unforeseen Threats 7
- 8. What’s the Definition of Insanity? 8
- 9. This Cyber Emergency Requires a Different Approach 9 The reactionary/crisis-mode cybersecurity approach is not working! What we need is… Consistent, managed and scientific cybersecurity strategy based on long- term commitment to data collection and analysis.
- 10. Where to Start? Follow in the Footsteps of PSOs A Patient Safety Organization (PSO) is a group, institution or association that improves medical care by reducing medical errors. Common functions of patient safety organizations are data collection and analysis, reporting, education, funding and advocacy. Replace “medical care” with “cyber” and you almost have it right? 10
- 11. Comparing PSOs to Cyber Risk Intelligence PSO Cyber Risk Intelligence Collects data on prevalence and individual details of errors. Collects data on cyber activity from OSINT, dark web and internal users. Analyzes sources of error by root cause analysis. Standardizes cyber event data into ATEP model and analyzes for trends. Proposes and disseminates methods for error prevention. Speeds response (and pre-response) to incidents. Designs and conducts projects to study safety initiatives including monitoring of results. Manages risks across your internal organization and supply chain. Raises awareness and informs the public, health pros, providers, purchasers and employers. Raises cross-organizational situational awareness of cyber risks. Conducts fundraising and provides funding for research and safety projects. Prioritizes the most effective use of tactical cybersecurity solutions. Advocates for regulatory and legislative changes. Educates and informs your management and peers. 11
- 12. It All Starts with Data… 12
- 13. … The Intel is There 13
- 14. How Do You Get Here? • Sound risk management is founded in evaluated intelligence, just like a PSO • Simplify the complex cyber world into what matters – Who attacked who/what? – How was the attack carried out? – What was the impact? 14
- 15. It Requires Diligent Collection of Cyber Data 15
- 16. Cyber Risk Data Must Be Linked to Your Organization 16
- 17. POLLING QUESTION Do you have a formal threat intelligence and analysis organization/program? (Select the most appropriate answer) A.Our IT/cybersecurity team handles this B.Our manager service provider handles this C.No D.I don’t know E.Not yet, but planning on it 17
- 19. Bridge the Gap Between Low-Level Tactics & Strategic Insights 19
- 20. SurfWatch Healthcare Case Study 20 Large Non-Profit Healthcare System Business Drivers •Wanted to be able to produce their own executive-level cyber reports •“Because it’s real-time, SurfWatch provides way more insight on the cyber world in healthcare than our consulting firm was providing us.” SurfWatch Advantages: •Gives full control of cyber reports produced for management •Adds real-time cyber insights within the healthcare market •Fraction of the cost of what company was paying consultant for static info
- 22. Next Steps and Q&A 22 Read the 2015 Mid-Year Cyber Risk Report: info.surfwatchlabs.com/2015-mid-year-cyber-risk-report Download Sample Dark Web Intel Report: info.surfwatchlabs.com/dark-web-report Schedule a Demonstration: •SurfWatch C-Suite: info.surfwatchlabs.com/request-demo •Dark Web Intelligence Service: info.surfwatchlabs.com/dark-web-service-consultation
- 23. Thank You! Follow us at: www.surfwatchlabs.com
Editor's Notes
- This was at a dr’s office, where I was taken back and waiting to meet with the dr.
- This year the healthcare industry has been on high alert – Anthem and Premera breaches. But this shouldn’t be such a surprise - Looking at data, in 2013 and 2014, Health care networks were being breached, but not by brute force. In fact, the attacks were not even particularly sophisticated at all, but they were carried out deftly: Overlooked back doors in supply chains were being exploited 3rd party software with unchecked permissions was used to easily gain access employees with access to networks were phished and their system privileges used to extract data web applications with network and database access ran with default passwords and incorrect permissions obvious software and network configurations persisted unchecked. All veritable open doors. And in 2015 we’ve seen bigger, badder breaches
- Looking back at data from 1-2 years ago it was clear that a lot of bad cyber activity was going on without the good guys even knowing. Each day, I watched the individual attackers hit their targets. Almost always, they were small and seemingly insignificant ones like local dentists, small consulting firms specializing in healthcare IT, 3-hospital chains in the Pacific NorthWest, plastic surgery clinics, tiny regional hospitals in out of the way parts of your own state that you’ve never even been to, dialysis center chains in the Southeast, 5-person insurance claims processing shops, one-off hospital websites in the Mid-West and even emergency vets just for reptiles (yes, they have those).
- my meetings have shown me that, most often, organizations prize high-cost specialized tools, countless alerts and mountains of low-level log and threat data over anything else. They have been - and still are - too focused on “edge-case” threats independent of any specific risk relevance for their specific businesses. To me, it’s kinda like choosing to look through thousands of keyholes to try and paint a picture of what’s outside the house when you have a system of imagery satellites in geosynchronous orbit. Worse yet, I’ve found most businesses prefer a very broad-spectrum “cover the waterfront” cyber defense approach mixed with just this kind of inconsistent, niche-focused emphasis on highly specific threats that have little true risk relevance for them. To say it another way, they spend on whatever everyone else is spending on at the macro level and get distracted into expending far too much energy worrying about micro threats for which they have little compelling evidence to support being a real threat to them at all. This approach is not only all-too common across industry today, it is in fact, the standard. A standard that’s now starting to be seen as one of failure.
- In my day job, as I meet each week with companies and their cybersecurity teams to exchange info and talk about the benefits of practical cyber intelligence functions inside their business organizations, that data has shown me an equally clear and bothersome image. Healthcare, much like most other sectors throwing their hands up against an impossible cyber defense task, is indolently ignoring the process of gathering and using important, high-level intelligence to focus and tune their cyber defenses against immediate and trending threats. This reactionary/emergency response approach to cyber simply isn’t getting the job done. What we need to do is take an existing approach used in the healthcare industry to treat disease and apply it to cyber… all based on a commitment to data mining, analysis and planning.
- SurfWatch Labs Starts Where Traditional Threat Intelligence Stops Powerful cyber risk analytics and practical BI apps that drive strategic insights for improved long-term cyber resilience
- Met 3 team members in early Dec at SANS Healthcare Cyber Security Summit Worked with Exec Director of Enterprise Shared Services, within HIPAA Security Program Bought 10 user C-Suite license about 1 month after meeting at the event Replacing $100k+ of services with C-Suite