Zombies. You might wonder what the blood-thirsty pop-culture icons have to do with cyber-security, but the connection became very clear to me during a recent binge-watching session of The Walking Dead. Zombies are exactly like the cyber criminals we fight against every day to protect patient data. They’re everywhere you turn, they’re a seemingly unstoppable force, and they’ve both fueled my nightmares more times than I like to remember. Also, just like with zombies, the threat from cyber criminals has got to be stopped or else everything is lost -- reputations, competitive positions and especially the trust of patients.
But winning the fight seems like an insurmountable task when you consider the facts: The healthcare industry loses $6 billion annually due to data breaches, according to the latest Ponemon study. And in 2015 alone, more than 100 million patient records were compromised. So what can be done? That’s where zombie preparedness comes in. The Internet is rife with detailed manifestos on how to protect yourself in the event of a zombie apocalypse. The Center for Disease Control even joined the fray with their own zombie pandemic preparedness guide. While mostly just entertaining, these guides actually do contain lessons we could all learn from as we consider the effectiveness of our security strategies. Here are three things every hospital should always keep in mind…
- There’s never just one attacker. A single shambling zombie is not a big deal. But where there’s one, there’s bound to be more. Many more. The same holds true for cyber attackers. Most of the 90% of hospital that were hit with a breach in the last year actually had up to 5 attacks to report – and you will too if you let your guard down. To grasp the severity of the situation, just take a look at the Norse map of live cyber-attacks happening around the world right now. Networks everywhere are under a constant barrage, and the nature and severity of those attacks changes every day. Your organization is not immune. If anything, you’re an even bigger target because of the value of your data. Remember that and always stay vigilant.
- A single layer of security is never enough. Think about it – what happens when you slam a door in a zombie’s face? He batters his way through it, just like a cyber thief who’s intent on stealing your data. One insignificant line of defense is not enough. There are many areas of vulnerability throughout your network environment and it’s critical to make sure you have multiple lines of security to address them all, starting from the outside in. Think about your entire critical infrastructure as a whole and plan accordingly. No point of entry is too small to consider, right down to educating staff on the importance of locking terminals every time they leave their desks. All a zombie needs is to wedge his fingers in that slamming door. Don’t give him that opportunity.
- To really get rid of the threat, you have to be precise. While the “spray and pray” method of mowing down zombies might make an impressive mess on TV, it’s never very effective -- and it’s definitely not a good approach against cyber attackers. Properly dispatching zombies (and ridding yourself of the threat for good) requires thoughtful deliberation. You’ve got to hit them in the brain, with just the right tool -- and that takes skill and precision. So how does that translate to cyber security? It means make your efforts count. Don’t just implement any old security solution and call it a day. Think about the impact your solution is really having on the security of your patient data and make sure it’s actually doing something to protect it. For example: does your security solution monitor for threats in real time? If your organization is going to be be truly secure, threats need to be identified before they become reportable issues. Any system you implement should proactively protect your patient data by monitoring all activities across the network in real time. Doing so will make it possible to detect unusual behavior that’s indicative of a potential security issue. Also, does your security solution help you to understand user behavior in the context of other employees and peer groups? It’s critical that you have a big picture view of your organization. Choose a solution that connects the dots across applications, systems, networks and channels so you can have accurate visibility into where you’re the most vulnerable.
While zombies are thankfully not a real threat in our day-to-day lives, cyber-attacks unfortunately are. It’s just the nature of the technological world we live in today. Just remember, it’s like Rick on the Walking Dead says “We have to come for them before they come for us.” Keep fighting the good fight everyone.