This blog post is an excerpt from GovLoop’s recent guide, “Government Health IT: The Fight to Keep Public-Sector Data Secure.”
Ransomware is a category of malicious software that, when run, encrypts a victim's files or locks the device so that it can no longer be used. The ransomware program then displays a message demanding payment to restore access. The malware, in effect, holds the data or device to ransom and demands payment from the organization attacked. Ransomware is a growing cyberattack strategy in the public sector, particularly in health care organizations.
To discuss the best ways the public sector can prevent ransomware and other cyberattacks, GovLoop sat down with Ken Durbin – CISSP, Strategist: Cyber Risk Management & Threat Intelligence, Symantec, a global leader in cybersecurity.
Ransomware is a growing threat in the health care field for a variety of reasons, Durbin explained. One is that the data health care organizations create and maintain is sensitive patient data, making it extra valuable on the black market. Secondly, several hospitals have already been subjected to ransomware attacks and have paid the ransom, emboldening attackers to continue pursuing the ransomware route because they see the payoffs. Finally, ransomware attacks are most often executed via simple phishing emails, making most organizations quite vulnerable.
Fortunately, there are steps public sector health care organizations can take to prevent future attacks from locking them out of their data: adopting elements of the NIST Cybersecurity Framework (CSF), and better security training of the workforce.
The CSF is a set of industry standards and best practices to help organizations manage cybersecurity risks that was created through collaboration between government and the private sector. It uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on organizations.
The CSF allows cyber professionals to prioritize their cybersecurity plan and explain it in simple terms, making it easier to gain buy-in at every level of agency leadership.
“Adopting and implementing the CSF can do a lot to strengthen the cybersecurity posture of an organization as a whole,” said Durbin. “But an additional benefit of the CSF is that you can fine-tune it to assess your organization against a specific threat vector. So if you are concerned about ransomware attacks, you can select the controls and aspects of the CSF that will protect against ransomware and filter it down to those subcategories so you can do an assessment for that specific threat.”
Better cybersecurity training of the workforce is another important way to prevent ransomware attacks, Durbin explained. “Most of these attacks are coming through emails to agency employees,” he said. “This means that training employees how to detect and report phishing emails goes a long way to help reduce the threat. A continuous training cycle to make employees aware they are on the front lines of cybersecurity is an effective way to include them as a part of your overall cybersecurity defense plan.”
A strong, coordinated response to threats requires more than a prepared and devoted team, Durbin said. Email phishing is still the primary attack vector for ransomware; however, attackers are starting to adopt techniques typically associated with Advanced Persistent Threats, which greatly increases the impact of a ransomware attack. Therefore, it’s important that strong defenses are incorporated at every level of your agency.
That’s where Symantec can help. Their Integrated Cyber Defense Platform is designed to secure the four pillars of an enterprise information management strategy – Information, Users, Web, and Messaging.
“In each one of those pillars, Symantec has proven solutions that secure your enterprise against multiple attack vectors,” Durbin said. “By aligning our solutions within the four pillars our customers can tailor their cybersecurity strategies to address their most critical needs fast, then expand over time. We have also taken the extra step of aligning our solutions to the NIST Cybersecurity Framework so as our customers address the four pillars they also know how it helps their CSF efforts.”
“The takeaway is that if agencies can look at the four key pillars, and think about how the CSF can work to meet your needs, and properly train your workforce, you’ll be able to take a more holistic approach to securing your enterprise,” Durbin said.
As awareness of ransomware attacks and their outcomes increases, attackers and their malware are likely to evolve and use more sophisticated techniques to evade detection and prevent removal. But by adopting more holistic cyber hygiene through the NIST Cybersecurity Framework, and by training the workforce well, public sector health organizations can work to keep their sensitive and critical patient information safe.