Sometimes, there is a perception gap between what we believe and what is actually true. When it comes to cybersecurity, this is definitely the case. The perception is businesses are largely reactive, focusing their dollars on limiting the impact of an attack. Why? News stories generally don’t profile how companies are protecting themselves from a potential breach.
For example, a hospital in California recently paid $17,000 to hackers that infiltrated its systems, holding it hostage. News stories on this particular attack didn’t take into account any other activities the hospital may have taken to try to stop this in the first place.
Research from the Ponemon Institute shows that even though we hear about what companies are doing to recover from attacks, it’s not the cyber-attack activity they invest in most. Ironically, detection activities are the top activity, accounting for 30 percent of costs. Recovery was a distant second, while containment and investigation rounded out the top four.
It seems like good news that companies are prioritizing their investments in cyber-attack detection, but it begs another question: To date, is it money well spent?
Let’s look at healthcare as an example. In 2015, the industry reported 55 breaches that resulted in more than 100 million individuals’ medical records being stolen. If companies are spending the most money on detection, this shouldn’t happen, right?
It’s clear that there’s an opportunity to enhance the investments we’re already making in detecting cyber-attacks. Here are four ways that you can do that:
- Know that we may be the problem. One of the biggest risks to our security is ourselves. Today’s hackers attempt to trick us into giving them access to our computers. Training is key to be alert to phishing schemes and other attempts by hackers to infiltrate your IT systems.
- Broaden your horizon for what a cyber-attack may entail. Particularly for the health insurance industry, just because you may have ticked the box for HIPAA compliance doesn’t mean you are secure. Anthem and Premara Blue Cross were both deemed HIPAA compliant, but it didn’t stop hackers from perpetuating massive data breaches in both of those companies last year.
- Understand the ways hackers can infiltrate your system multiplies by the day. We’re all excited about our newest wearable technology devices and gadgets, but think about the types of information these devices contain and how they connect with your existing systems. Watches, streaming media widgets, phones, tablets, and more are likely making their way into the office right now. You probably have a Bring Your Own Device (BYOD) policy, but do you have an Internet of Things (IoT) policy? BYOD policies address your mobile handsets, tablets, and personal laptops, but who’s addressing all the other gadgetry? Now is a great time to start answering these questions with your senior management.
- Ensure you have a multi-pronged approach to cybersecurity. Defense in depth is one of the fundamental security principles that assures there is no single point of failure in the protection of information assets.
“Cybersecurity leaders now understand that defending against threat actors requires a hybrid approach which includes basic cyber hygiene, perimeter defenses, advanced machine learning and behavioral analytics capabilities, encryption and, perhaps most importantly, proper training for both technical and non-technical staff,” Parham Eftekhari, Co-Founder and Senior Fellow at the Institute for Critical Infrastructure Technology, said in a recent news article.
Right now, there is a disconnect between the public’s perception of how reactive companies are when it comes to data breaches and the reality that they spend more on detection than any other cybersecurity activity. Even worse, all the money companies are spending on recovery isn’t stopping data breaches. Attackers only have to be right once, while we have to be right all the time.
Let us help you level the playing field. Visit our website and request a free trial of our secure cloud platform for healthcare that protects against threats, provides a secure data and computing environment, and is supported by a world-class incident defense response team of counterintelligence experts.
Written by Rob LaMear, CEO, US Cyber Vault
Once a month we share where we will be speaking in the world as well as expert opinions on cyber security, data loss prevention, and information security that we like from the larger community. Receive our next issue by signing up here.