Tuesday, July 19, 2016

Healthcare and pharma least ready for external cyber risks

Just 16% of healthcare and pharmaceutical agencies have a formal procedure for checking the Internet and social media for external cyber risks.


Additionally, just 26% of respondents in the healthcare and pharmaceutical industry consider they have the devices and resources to observe and understand external dangers; 29% say they have the devices and resources to reduce such threats; and 34% claims that they’ve the tools and resources to monitor these dangers.


Those are among the findings of a latest survey taken by the Ponemon Institute and sponsored by cybersecurity vendor BrandProtect. Particularly, respondents were surveyed about external cyber risks—those that arise outside an agency’s conventional firewall and security perimeter, and utilize online channels and utilize email, mobile apps, social media, or domains as their key attack technology.


“When it comes to the real capability of agencies to have the tools and resources essential to monitor, observe, and reduce these external threats, sadly healthcare trailed in every category,” claims Greg Mancusi-Ungaro, chief marketing officer at BrandProtect. “However there is awareness of this problem, the security teams across the healthcare industry are demonstrating they are behind the curve.”


The 591 information technology and IT security practitioners in the US surveyed were drawn from 6 industries—health and pharma, industrial and manufacturing, financial services, public sector, services and retail—to evaluate differences in preparedness for addressing the external cyber dangers.


In accordance to the findings, the financial services industry is most ready to monitor and mitigate external risks, and is most likely to have a formal monitoring procedure. Instances of external risks involve malware or other payloads; socially engineered attacks; brand-based attacks with ransomware, executive impersonations; rogue social domain activity; hactivism/activism; and activities that breach agreement or regulatory needs.


The frequency of these external threats and their financial prices for industry are important. Survey respondents reported that they experienced an average of 32 material cyber threats during the last 24 months, or moderately more than 1 per month, costing them an average of $3.5 million yearly.


“What this report calls attention to is the chance to genuinely become a tougher target by paying attention to these types of probing-style external threats,” summarizes Mancusi-Ungaro. “These attacks do not merely happen overnight. They are the outcome of a long procedure of reconnaissance, investigation, planning, and external task.”

No comments:

Post a Comment