Protecting against the digital pandemic

SPONSORED: Resilience and strategy form the foundation for long-term and reliable security frameworks,

In 2021, email threats increased by 64%. This may sound like a statistic that should worry only the enterprise, but it’s one that hit every single sector this year. In fact, cybercrime and cyberattacks are gaining ground globally, increasing in intelligence and scale. From SolarWinds to Kaseya, high-profile cybercrime incidents have underscored the importance of paying attention to cybersecurity and to investing to in security frameworks that can resiliently adapt to whatever lies ahead. This is particularly true for the healthcare sector.

Even though healthcare companies don’t rank in top data breach lists, they are starting to gain statistical ground. The HIPAA Journal revealed that there were 70 data breaches of 500 or more records reported in July 2021 alone – this is a rate of two breaches per day and was actually lower than June 2021. The largest breaches included hacking, ransomware, phishing, and brute force attack–a digital war on data and information that shows no sign of slowing, and every sign of evolving to adapt to changing security standards and protocols.

This doesn’t mean, however, that the war is lost. Only that companies need to focus on solutions and services that provide them with richer security control and capability. The National Institute of Standards and Technology (NIST) recently outlined best practice for ‘Developing Cyber Resilient Systems’, and in it the company highlighted how the perimeter defence and penetration resistance approaches were no longer enough. Today, companies need to focus on the keywords of resilience, design principles, cyber resilience, and strategy. These are the terms that outline a cybersecurity framework that can fundamentally support the healthcare industry.

Resilience is perhaps the most important term to consider when unpacking the health of any institution’s cybersecurity. The threat actors are intelligent and persistent, and they will exploit any vulnerability to achieve their goals. Considering that the take-home prize of any successful attack can number in the millions of dollars, they’re incentivised to succeed. So, a resilient security framework is one that doesn’t remove the traditional ways of securing the organisation but rather adds to them, using technology and ingenuity to build an end-to-end, touchpoint-totouchpoint, security system. It removes the company’s reliance on one basket of security eggs – the firewall, the network, the training – and instead creates a resilient approach that mitigates risks such as single point of failure, and that ensures the system can continue functioning in the event of an attack.

This is perhaps the second and most important part of the security equation, particularly in the healthcare sector. If systems are held to ransom, lives are at actual risk. This is why security has to be built by design on robust principles and within a clear strategic framework that plans for the worst. Healthcare companies need to know that their mission critical systems are protected and will remain online should an attack succeed. As NIST points out, this doesn’t have to be perfect and it doesn’t have to include all functionality, but it needs to be enough that operations can continue while the cyberthreat is managed.

The cybersecurity frontier is rapidly changing and evolving as cybercriminals and experts find new ways of attacking and protecting the business. And this is where the healthcare sector needs to be – here, on the edge of security innovation and change. Which is here after the final part of the resilient security framework steps in – managed security. Managed security services are the proverbial soldiers on the cybersecurity frontlines and cut both the risk and the cost. They are an immediate doorway to comprehensive security infrastructure with skilled experts ensuring that security is aligned to industry best practice.

While cybersecurity remains complex and challenging, it’s not a zero-sum game. With the right partner and security strategy in place, healthcare can continue its gargantuan effort to embed patient-centred care and leverage digital transformation while keeping an eye on the risk. Security is a mindset, and it is one that can put the sector on a solid and secure foundation for the future.