fbpx
Connect with us

Cybersecurity

Healthcare cybersecurity on the rise, hackers close behind

Yehia El Amine

Published

 on

Healthcare cybersecurity

Wherever there is technology, there is the risk of cyberattacks; and the healthcare industry is by no means an exception, especially since the global Covid-19 pandemic.

A vast number of wide-ranging hacks and data breaches launched on hospitals and healthcare providers have drastically increased the industry’s investment within cybersecurity to protect not only their patients, but the employees on the frontlines.

Although several reports have emerged indicating that the healthcare industry has slightly improved its security this year, many within the cybersecurity field have warned that the increased reliance on telehealth will only bring about even more attacks and data breaches.

Healthcare spending in the U.S. — which is the highest among developed countries — accounts for 18 percent of the nation’s gross domestic product, or about $3.5 trillion, the Centers for Medicare & Medicaid Services estimate, and that figure is projected to soar over the next decade.

One report predicts that global healthcare spending will rise from nearly $8 trillion (USD) in 2013 to more than $18 trillion in 2040.

The target painted on the healthcare’s back by hackers has been attributed to outdated IT systems, fewer cybersecurity protocols and IT staff, valuable data, and the pressing need for medical practices and hospitals to pay ransoms quickly to regain data.

Covid-19’s impact

According to India-based market researcher, Market Research Future, the Covid-19 outbreak has significantly altered the healthcare industry worldwide, throwing several challenges at it.

The overwhelming scenario, since the advent of the novel coronavirus pandemic, has been further aggravated by the alarming rise in cybersecurity threats.

“Malicious hackers are leveraging the pandemic by launching a slew of ransom-ware attacks and phishing campaigns. It is not surprising that following the onset of SARS-CoV-2 and the increased vulnerability due to the lockdown, hackers have become even more active than ever before,” the report highlighted.

Thus, these factors have culminated into a promising opportunity for the healthcare cyber security market, with the rising adoption of advanced technologies that could help healthcare fight the battle against digital attacks.

Cybersecurity Ventures predicts the global healthcare cybersecurity market will grow by 15 percent YoY over the next five years and reach $125 billion cumulatively over a five-year period from 2020 to 2025.

MRFR/Market Research Future expects the healthcare cyber security market 2020 to record a robust CAGR of 11.82 percent from 2018 to 2025 (evaluation period). The market is also presumed to gain a striking valuation of USD 16,393.15 Million by 2025.

What’s at risk?

Over the past few years, the healthcare sector has observed a drastic rise in ransomware virus attacks and medical device hacking, which has caused considerable losses to healthcare professionals.

Machines that are commonly used in hospitals and clinics such as life-support devices, pacemakers and X-rays contain malware, which can travel across the network infecting other applications and devices, even the whole system.

According to numbers reported by Health IT Security, HealthEquity was hit by a massive data breach back in 2018, when close to 190,000 of their customers’ data was leaked. This was considered easy pickings for cybercriminals, since healthcare data is shared across a large network, making it vulnerable to malware and ransomware.

In the wake of this attack and others, medical professionals are increasingly adopting upgraded and advanced cybersecurity solutions and software to fortify their data security efforts, which could enhance the market size in the years to come.

With that in mind, Market Research Future anticipates cybersecurity solutions within the health sector to greatly increase due to the adoption of Internet of Things (IoT) devices and products.

“Players are also working on bolstering their product portfolio and introducing healthcare cybersecurity software backed by latest technologies like artificial intelligence (AI) and IoT to impart high security level across large networks in healthcare,” Market Research Future’s report added.

Some of the most used types of attacks against healthcare institutions are primarily advanced persistent threat (APT), distributed denial-of-service (DDoS), malware, and others.

Thus, cybersecurity firms will look to cater to these possible weak points, by rolling out more sophisticated identity and access management software, risk and compliance management software, antivirus, and antimalware, DDoS mitigation, security information and event management (SIEM), and others.

Healthcare cybersecurity global landscape

The industry is mainly divided and spread out into Europe, the Americas, Asia Pacific (APAC), and Middle East & Africa (MEA), according to the report.

Normally, the American market could stand as the global leader, due to its surge of data breaching cases in recent years as well as the availability of highly innovative healthcare information technology solutions.

“The Canadian government has been quite proactive in the development of the healthcare industry and is continuously taking initiatives that promote the use of cybersecurity software in hospitals and other medical facilities,” the report highlighted.

In parallel, Europe could secure the #2 position within the industry, with Eastern Europe and Western Europe being the two key markets in the region.

“Western European countries like France, the UK, Germany, Spain and Italy contribute significantly to the regional market growth, thanks to the extensive and well-developed healthcare infrastructure, and the large budget allocated for the development of healthcare IT,” the report added.

However, APAC has the potential to become the fastest growing market in the years that follow, due to their haste development of technological advancements.

Healthcare providers, companies, governments need to join forces to buffer the effects of cyberattacks; since nobody wants pay with the price of their heath or personal information before cybersecurity measures are taken.

Advertisement

Yehia is an investigative journalist and editor with extensive experience in the news industry as well as digital content creation across the board. He strives to bring the human element to his writing.

Cybersecurity

Ways for remote workers to stop cybercriminals

Yehia El Amine

Published

 on

cybercriminals

The COVID-19 pandemic has drastically changed the way humans interact with each other across the board, handshakes have switched to fist bumps, massive conferences have gone digital in the form of webinars, and more importantly, employees have built makeshift offices within the comfort of their own homes.

According to Shefali Roy, former CCO & COO at TrueLayer, a UK-based FinTech firm, working from home has become the new norm.

“People are working longer and harder, which can be a big cause for concern with regards to employee burnout since they’re on high alert at all times due to the sudden merge of workstations and home comfort,” Roy said during a the MoneyFest 2020 webinar.

Thus, it isn’t strange for employees to start asking their employers about their work-from-home policy.

While remote working offers safety from a physical virus, it exposes employees to threatening digital viruses. Cybercriminals have taken advantage of this shift in the workplace and have targeted their sights around remote employees across the board.

According to a report published by Kaspersky there have been almost 726 million confirmed cyberattacks since the beginning of the year; “This has put 2020 on course to rack up somewhere in the region of 1.5 billion cyberattacks for the year,” the report stated.

While some companies have rejuvenated their IT security teams to deal with threats, many other companies haven’t and a big number of businesses are exposed to these breaches every day.

This leaves workers to fend for themselves against sophisticated cybercriminals’ intent on stealing their information and wreak havoc on businesses.

Fret not, according to the National Cyber Security Alliance, a U.S.-based cybersecurity non-profit, there are a number of ways that can help you protect your sensitive company information while venturing out of the digital safety of the office:

  • Think before you click. Cybercriminals are taking advantage of people seeking information on COVID-19. They are distributing malware campaigns that impersonate organizations like WHO, CDC, and other reputable sources by asking you to click on links or download outbreak maps. Slow down. Don’t click. Go directly to a reputable website to access the content.
  • Lock down your login. Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
  • Connect to a secure network and use a company-issued Virtual Private Network (VPN) to access any work accounts. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase. Employees should not be connecting to public Wi-Fi to access work accounts unless using a VPN.
  • Separate your network so your company devices are on their own Wi-Fi network, and your personal devices are on their own.
  • Always keep devices with you or stored in a secure location when not in use. Set auto log-out if you walk away from your computer and forget to log out.
  • Limit access to the device you use for work. Only the approved user should use the device (family and friends should not access a work-issued device).
  • Use company-approved/vetted devices and applications to collaborate and complete your tasks. Don’t substitute your preferred tools with ones that have been vetted by the company’s security team.
  • Update your software. Before connecting to your corporate network, be sure that all Internet-connected devices ‒including PCs, smartphones, and tablets ‒ are running the most current versions of software. Updates include important changes that improve the performance and security of your devices.

While employees can arm themselves with these helpful tips to fend off cyberattacks and breaches, remote workers can still educate themselves on how to spot phishing and ransomware attempts.

There are more than a handful of hints that could flag emails as suspicious or malicious, such as:

  1. Strange requests: these types of emails tend to give out information that’s out of the ordinary, maybe an unexpected request or one that isn’t directly relevant to you. The most likely case is that it’s a typical phishing email, even if the domain came from within your very own organization, call the sender and ask.
  2. Generic salutations: If someone is sending you an email and not addressing you personally, then chances are the sender doesn’t know who you are. Best-case scenario, it could be a marketing campaign, or the worst-case scenario is that you’re being targeted.
  3. Spelling errors: especially during emails, people will always double and triple check their emails for typos and spelling errors to remain professional. Thus, finding these errors are ‘phishy’ so beware!
  4. Be wary of attachments: this is exactly how cybercriminals worm their way into computers, which is why if the sender or email seems suspicious, chances are, the virus is laying in wait in the attachment.
  5. Shady URLs: hiding or spoofing links is the easiest thing to pull off, since the URL could take you to a different destination to where a link reads; although staying away from it is the best course of action, you could always hover over the link to check if the destination leads to where you expect it to.
  6. You’ve won our competition:while these traps can obviously be spotted, people are still falling for these schemes in 2020. Always remember, if it’s too good to be true, then it most likely is, so stay away.
  7. Scaremongering: A common approach used by cybercriminals is to claim something like “your account has been breached!”. This creates a sense of urgency and vulnerability and can prevent people from thinking clearly. If the claims in the email were true, would the sender really tell you in this way? Always check through a different means of communication.
  8. Change of behavior: Maybe you’ve received an email from somebody you trust such as your boss, or colleague, but the language used is different from normal. Maybe it’s too formal or informal. Maybe the email signature isn’t the normal one used. You’re probably used to the way these individuals talk to you, so if it’s not normal, something weird might be going on.

As time passes, and technologies get more and more advanced, so do cybercriminals, as they stay up to date with the technological winds of change to further find their weak points. Thus, employees who choose to stay remote have a responsibility toward their employers to remain safe online, as the damages are no longer measured on an individual level, but can take down entire organizations.

Continue Reading

Cybersecurity

Time to start taking cybersecurity more seriously

Yehia El Amine

Published

 on

cyber-sec

Cyberattacks across the world have drastically increased, while most of them don’t dominate headlines – such as the Adobe or Equifax breaches – hackers have targeted companies of all sizes seeing that business digitization is on the rise due to the COVID-19 pandemic.

With the world transforming into a data-fueled reality, the risks become larger, and more important to protect.

Global spending on cybersecurity products, services, and solutions will likely reach $1 trillion by 2021, according to Cybersecurity Ventures; this indicates that online protection, which was mainly reserved by the biggest of companies, is beginning to hit the mainstream, especially by small and medium enterprises (SMEs).

One of the main creditors to this trend is the huge rise of people relying on digital services, such as working remotely, online shopping, and generally being more digitally connected during worldwide lockdowns.

Hackers & the pandemic gold mine

In the U.S., during the pandemic the FBI’s Cyber Division reported 4,000 complaints of cyberattacks per day, which represents a 400 percent increase during pre-coronavirus times.

But the attacks are not only directed toward businesses.

“The world is witnessing an alarming rate of cyberattacks aimed at major corporations, governments, and critical infrastructure, targeting all types of businesses, including critical medical organizations,” a report by Interpol highlighted.

In parallel, Microsoft reported that COVID-19 themed attacks – mainly using phishing or social engineering attacks – have jumped to 20,000 to 30,000 attacks a day in the U.S. alone.

According to a recent survey published by PwC, 65 percent of organizations in the UK alone have reported that they’ve either been breached or exposed to a cyberattack.

Meanwhile, only 42 percent said they were “well prepared” for moving to remote working, compared to 45 percent who were “somewhat prepared” and 13 percent who were not prepared at all – leaving more than half of all firms at least moderately under threat.

PwC surveyed almost 3,249 business and technology executives across the world, including 265 in the UK, which saw Internet of Things (IoT) and cloud service providers top the list of ‘very likely’ threat vectors in the coming 12 months, accounted by 33 percent of companies.

 “Cyber-attacks on cloud services were found to be the most likely threats to have a significantly negative impact – as noted by 24 percent of those polled,” PwC highlighted.

Strengthening the frontline

The UK witnessed the most brutal of attacks, as British respondents cited 58 percent of their attacks being on cloud services, followed by 52 percent done by disruptionware attacks on critical business services, and finally 50 percent using ransomware.

This large number of cyberattacks has pushed British-based businesses and execs to upgrade their security systems since “around 40 percent of executives in the global survey planned to increase resilience testing to ensure that, if a disruptive cyber event occurs, their critical business functions will stay up and running – but 96 percent of UK respondents said that they will shift their cybersecurity strategy due to COVID-19,” the survey added.

Businesses across the board have taken note of this, which is why cyber budgets will look to drastically increase as the new year approaches.

This has been confirmed by PwC, as 55 percent of its survey respondents echoed the above statement, regardless of 64 percent of execs forecast a decline in business revenues.

While companies are prepping to foot a cybersecurity bill, a quarter of respondents have stated that they will downsize their spending, leaving cyber teams doing more with less resources in hand, as 13 percent of companies will have to make do with the same budget.

“It’s surprising that so many organizations lack confidence in their cyber security spend. It shows businesses need to improve their understanding of cyber threats and the vulnerabilities they exploit, while changing the way they think about cyber risk, so it becomes an intrinsic part of every business decision,” Richard Horne, Cyber Security Chair at PwC said.

Can AI champion cybersecurity?

As technological advancements keep moving forward at a rocketing pace, cyberattacks become more and more sophisticated; while the current protection tactics have proven to be effective against certain scenarios, the fear lies with the unknown.

Which is why many cybersecurity firms have begun using artificial intelligence (AI) as a means to close the gap between the sophisticated cybercriminals and the forcefield that keeps them out.

AI systems have the ability to detect new forms of attacks and breaches and react to them accordingly; this would not only change the security’s approach of being reactionary, but would allow experts to study these techniques to develop solutions that would counter them.

One example of how AI is used in the rapidly changing pandemic and post-pandemic landscape is in recognition of uncategorized or unlabeled websites with illicit intentions that are related to the usual triggers, such as fear.

According to MarkMonitor, there are more than 100,000 COVID-19-registered domains.

“Our AI analysis of uncategorized websites that were accessed by people over a period of 50 days shows that between 20 percent – 35 percent of websites contain content which, while not directly dangerous, is at least misleading or shows signs of possible illicit intent,” writes Leonardas Marozas, Security Research Lab Manager at CUJO AI, a U.S.-based software company.

He added that while threat intelligence is a source of confirmation for a cyber threat actor, AI usage will foresee potential malicious activities before they are known or registered in knowledge bases.

With the business world becoming more and more comfortable with the idea of remote working, AI has the potential to overcome and help solve a myriad of challenges on the security front.

Alternatives to weather the storm

As the conversation of cybersecurity in businesses continues and will likely intensify, there are numerous ways that companies can help their employees become more aware and secure of their behavior online.

The Center for Internet Security published a resource guide on how employees can keep themselves safe as they continue their work schedules from the comfort of their own homes.

Securing employee home networks

While conducting business through a VPN can add a layer of security, there are simple steps employees can take to secure their home networks. Employees need to know what devices they are using while working from home.

Once they’ve identified the devices they’re using, have them download the instruction manuals from the respective manufacturer websites. These instruction manuals will give them step-by-step instructions on how to enable security settings like these:

  • Practice smart password management and enable two-factor authentication (2FA) wherever possible.
  • Enable automatic updates for all routers and modems. If equipment is outdated and can no longer be updated, it should be replaced.
  • Turn off WPS and UPnP.
  • Turn on WPA2 or WP3.
  • Configure the router or modem’s firewall with a unique password and enable the firewall.
Employee personal device security

Some employees may be using personal equipment instead of, or alongside, company-issued hardware. Here are some steps employees should take to secure their personal devices, especially when they’re using them for work purposes:

  • Patching – Patching systems to remedy known vulnerabilities continues to be essential. Your organization’s plan for doing so may need some adjustment with a largely remote workforce.
  • Home Computers – Recommend that employees implement security on these devices including installing anti-virus, firewall, and anti-spyware, and apply security settings in web browsers.
  • Printers – Employees should look up printer security for their printer make and model to ensure security of the device and network connection. If printing, use an appropriate shredder based on company best practices.
  • USB Devices –Staff should use only company-approved USB devices.
  • Storage – Designate how and where an employee can store sensitive information. Use hard drive encryption on work laptops or external hard drives.
  • Access by Others – People who work from home during the occasional weekday usually don’t have a full house, but they might now. Ask employees to keep work devices for professional use only and lock their devices when they step away from them. Innocent activity on a work computer could lead to a breach. This is also a good opportunity to educate family on cybersecurity.

While online security threats keep rising and advancing, business and government leaders need to keep cybersecurity as a top priority to ensure that healthcare, supply chains, military operations, and other vital systems are not compromised.

Continue Reading

Cybersecurity

Telco cybersecurity: preserving customer trust as new technologies edge closer

Yehia El Amine

Published

 on

Telecoms operators are vulnerable to cyberattacks around the world, mainly due to their critical national and international roles in infrastructure and communication, while possessing heaps of sensitive data from their large clientele. 

Almost 43 percent of telecom companies have suffered from DNS-based malware in 2019 alone, noting that a staggering 81 percent of these companies were sluggish with their response, waiting three days to apply critical patches to remove the breach, a report by US-based cybersecurity firm, EfficientIP.

“Last year, a single DNS attack cost a telco organization $622,100. This year, the research shows telcos lose an average of $886,560 from each DNS attack, an increase of 42 percent in just 12 months,” the report highlighted.

And as the world went into complete and total lockdown due to the Covid-19 pandemic, hackers went to work reinforcing their efforts of attacking, breaching, and stealing company and user data far and wide. 

Many experts have noted that during the pandemic, the volume of cybersecurity attacks on telecoms operators has increased five to six times than previous years. 

This is primarily due to a couple of reasons, the first being people largely leaning on telecoms to resume working, communicating, gaming, studying and basically anything that requires an Internet connection. 

“With a large part of their customer base operating online, strong network security has become a business necessity for the entire telco sector in general. Ensuring consistency and reliability in service is a crucial step towards providing elevated customer satisfaction,” the EfficientIP report highlighted.

Second, the industry’s position is at the heart of a major digital infrastructure overhaul of their operations to accommodate the up and coming technologies on the horizon such as 5G, Internet of Things (IoT), the Cloud, AI and the likes; this transformation needs to adopt a cybersecurity by design approach. 

Focusing on these technologies from a wider lens, the number of attacks on cloud technology platforms doubled in 2019. Following this trend, a Mimecast report showed that the number of external attacks on enterprise clouds increased by 630 percent within the first two months of the onset of the Covid-19 pandemic.

Without forgetting the ever-present threat posed by malware, ransomware, DDoS attacks, security hacks on employees and customers, signaling threats, and more.

However, the rampant number of cyberattacks and its relation to customer trust, has incentivized telcos and tech companies alike to start dipping their toes in the cybersecurity market.

The result of this can be pointed toward the lucrative aspect that the cybersecurity industry has to offer, and the consistent need of being shielded from digital threats as the world preps itself to enter the fourth industrial revolution with the rollout of 5G. 

The jump into the cybersecurity pool has already started. 

In 2018, $5.8 billion in global venture capital and private equity investments poured into cybersecurity market, 81 percent more than in 2016, according to numbers by U.S.-based Strategic Cyber Ventures. 

An example of this can be seen through Cisco’s $2.4 billion acquisition of Duo Security, while BlackBerry acquired Cylance for $1.4 billion.

In terms of private equity, Barracuda Networks was acquired for $1.6 billion by Thoma Bravo, Bomgar by Francisco Partners for $739 million, while Blackrock spent $400 million on Cofense. Elsewhere in the more complicated financial world, Skyhigh Networks acquired McAfee with assistance from its financial sponsors Thoma Bravo and TPG Capital.

This move is bolstered by the operators’ inherent strengths, which include access to large volumes of network data, the ability to leverage their existing customer base, having a strong foothold in the cloud-related services market, and extensibility in offering mobile security services.

From there, telcos must leverage these acquisitions and the disruptive technologies that come with them to set themselves apart from competitors, capitalizing on the trust given to them by their large customer base. 

This can be done by embedding cybersecurity by design within their next generation plans of transforming their digital infrastructure that will enable up and coming technologies. 

According to EY insights, the process should be addressed in three distinct steps to build the essential ‘trust’ needed – Now, Next, and Beyond:

Now – Cybersecurity hygiene: Telecom operators should regularly conduct external vulnerability assessments and penetration testing, patch management and third-party risk management. 

A strong emphasis should be directed towards consumer trust; and operators must look at establishing channels that quickly inform consumers of suspicious activity and provide them with guidance on security best practices. 

Telecom operators should also implement Domain-Based Message Authentication, Reporting and Conformance (DMARC), enhance network security, and set strong remote working policies for their staff.

Next – Cybersecurity efficiency: Telecom operators must center their efforts at tackling medium-term threats posed by 5G, cloud, and IoT. 

They should also look to capitalize on automation technologies to improve efficiency and reduce human errors while collaborating with ecosystem partners to understand security risks as well as raise awareness to customers. 

It is also critical that operators establish a zero-trust architecture that eliminates data security risks and focus on strong cybersecurity governance.

Beyond – Secure the ecosystem: Looking at the Beyond, it will be critical to collaborate with peers, government agencies, manufacturers and vendors to raise their security levels and enhance their cybersecurity. Telecom operators must also engage partners in other industries to develop a robust security framework that will enable interoperability between sectors.

The Covid-19 pandemic has highlighted the role of telcos on both national and international fronts, as their services are deeply embedded within our socio-economic fabric. Which is why the fourth industrial revolution should be ushered into reality with strong network resilience and an aim to preserve customer trust. 

Continue Reading

Trending