Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.
Issue link: http://sdi.epubxp.com/i/703941
July 2016 www.SecurityInfoWatch.com / Security Dealer & Integrator 31 "ese new threats especially leave those in the healthcare indus- try perched between a rock and a hard place as they struggle to bal- ance limited IT resources and teams relatively new to the sophisticated skills required to securely democra- tize data, with the need to keep data accessible to the users who require it," Munshani explains. "Organizations are seeking an approach flexible enough to enable critical access without making themselves an easy target for bad actors — but this requires a culture change and an adherence to best practices from those working in the industry," Munshani adds. So where do security integrators fall into the ransomware prevention equation? Here are three ways to take an active role for your healthcare client: 1 Be a resource: According to a recent survey of 1,138 companies across a variety of industries conducted by KnowBe4, 90 percent said security awareness training is the most effective way to mitigate the ransomware threat. As your healthcare provider's trusted security resource, integrators should encourage their healthcare clients to maintain a strong cul- ture of prevention when it comes to opening email attachments and other potentially malicious files. Additionally, regular patch- ing and other IT security methods should be top-of-mind, including soware solutions that integrators can offer to help mitigate the risk. "If we examine the research around cyber threats, it is clear that removal of admin privileges, application white-listing and regu- lar patching can defend against the majority of attacks, yet many orga- nizations fail to implement these measures," Maude says. "Endpoint sandboxing technologies proac- tively resolve this issue by isolat- ing dangerous websites and email attachments away from the corpo- rate data in order to prevent the attack in the first place." 2 Take a role in backup systems: Integrators should also encourage and take an active role in preparing their healthcare clients for these types of tasks with proper backup systems. "Backup systems are an essential part of any disaster recovery plan, but can't simply be installed and forgotten — they must be tested and secured," Maude says. "Imagine if backups are encrypted, or a crisis situation where it might take weeks to recover corrupted data. Security integrators must be aware of how important robust backups are, but also need to make clients aware that they should not be used as a defense strategy — only as a measure of last resort," he adds. 3 Secure the solutions: ird, and perhaps most important to the security integrators themselves, IP-based physical security solutions must be secured. at means changing default passwords and controlling how the devices interact with the healthcare provider's network resources. "e most common ransomware attacks occur through email attach- ments and malicious websites tar- geting desktop machines, but there is a growing concern that ransom- ware could begin targeting CCTV and physical security platforms," Maude says. "In the past, attackers have exploited known weaknesses in DVRs to install Bitcoin mining malware with increased connectiv- ity — and it could only be a matter of time before ransomware appears on these platforms." ■ Built Tough for 22 Years Built with SONY & Panasonic Inside Choose Analog / HD-SDI / IP 866-301-CCTV www.ruggedcams.com Plant Floor Outdoor Indoor RUGGED CAMS RUGGED CAMS Beyond Industrial Grade www.SecurityInfoWatch.com/11625087