2. “The Scary Slide” HIMSS 2018 Cybersecurity Survey
Protenus Breach Barometer
Health IT
News
3. So what’s going on??
Insider Threats!
E-mail!
Avg. 308 days to discover the breach!
1,037 days to contain!
HIMSS 2018 Cybersecurity Survey
Protenus Breach Barometer Report
Global statistics in the most recent Ponemon report on the cost of a data breach show dwell time for malicious attacks has stretched to an average of 229 days. As most IT pros know, dwell time is the period between when a malicious attack enters your network and when it is discovered.
The average amount of time it took organizations in the sample to contain a data breach was 69 days. In healthcare, organizations took an average of 1,037 days to contain a data breach.
Ponemon Institute 2018.
Avg. number of days from breach to discovery - 2017
Protenus Breach Barometer Report
4. For Healthcare Entities - HIPAA points to NIST for best security practices
https://www.nist.gov/cyberframework
6. Where is Healthcare still falling short?
• Not Performing Thorough Risk Assessments
• Focusing on wrong risks
• Focusing on wrong assets
• Not detecting network activity
• High “Dwell time”
• Insider threats not discovered
• Lack of response planning
• Long Avg. days to respond and contain
Healthcare’s Focus is Here – on Protect
7. What should they be doing?
Create a Cybersecurity Framework and process based on NIST CSF
Train personnel on cybersecurity awareness
Continuously!
Conduct a true security risk assessment
NOT a checklist!
Focus on ePHI assets
Asset inventory with technical details
You can’t protect what you don’t know about!
8. …..and more…
Implement a Security Operations Center
Either in-house or as a service
Need “eyes on glass” to monitor the network
Develop incident response plans
BEFORE the incident!
Implement next generation endpoint protection
Detect and Respond to threats proactively
Cybersecurity is not a “one and done” type of project, but is instead an ongoing effort. To assist firms in this sometimes large and daunting process, the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) was published in response to Presidential Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for a standardized security framework for critical infrastructure in the United States.
The NIST CSF is recognized by many as an excellent resource to help improve the security operations and governance of public and private organizations. The NIST CSF is organized into five core Functions, also known as the Framework Core. The Functions are organized concurrently with one another to represent a security lifecycle. Each Function is essential to a well-operating security posture and successful management of cybersecurity risk. Definitions for each Function are as follows:
• Identify: Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
• Protect: Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
• Detect: Develop and implement the appropriate activities to identify the occurrence of a security event.
• Respond: Develop and implement the appropriate activities when facing a detected security event.
• Recover: Develop and implement the appropriate activities for resilience and to restore any capabilities or services that were impaired due to a security event.
Organizations wishing to improve their overall cybersecurity posture would be well served by investigating and implementing the NIST CSF. (More information on the NIST CSF can be found at: https://www.nist.gov/cyberframework)