Death by a Thousand Paper Cuts – The Daily Slog

The word “hero” gets thrown around a lot, but not usually for your average Network Administrator. However, if people knew how much work it truly takes to keep your corporate network humming along (securely, of course), there would probably be a national holiday. Maybe even a parade.

While you might not get the appreciation from the general public you deserve, Portnox has your back – we’ve created a new tool called Switch Commander to make everyday network administration tasks a little bit easier. Now you have one easy-to-use UI that covers all your switches.

And the best part – this tool is FREE! No trials, no credit card needed, just download it and become the commander of all your switches.

Vendor Agnostic

With Switch Commander, all you have to do is add your switch – we support SNMP v1/v2 and v3, Telnet, SSH, and HTTP/S logins. Once you’ve added all your devices, you can do simple daily administrative tasks like assigning ports to specific VLANs or seeing the status of all ports on the switch. The awesome thing is you don’t have to worry about command syntax – if your network is a combination of several different vendors (like 81% of the users we surveyed), you won’t have to remember if it’s shutdown, disable, or no power.

[Screenshot: Switch Commander switch monitoring view]

Getting Started with Switch Monitoring & Management

So, now that you’ve got your switches added – what can you do?

A good place to start is the Probe command – this will download all information from the switch and show it to you in a table format (the probe results are shown in the white area on the left in the screenshot above). You can see all ports, including their associated VLAN ID, and the MAC address of what is connected to them.

The Output panel (on the right-hand side of the screenshot below) will show you a detailed overview of actions performed on the switch, and the Action panel shows the OID commands executed on the switch when an action is performed. This is super helpful if you’re using an SNMP-based switch monitoring system and need to see if a particular OID is supported.

From here you can enable or disable a port and set or change the VLAN.

[Screenshot: Switch Commander port monitoring view]

Least Privileged, Most Useful

Another huge advantage is that once you’ve added in your switches, you can give other IT staff access to Switch Commander without having to give them credentials to the switches themselves. The login information for each device is encrypted and stored in the Switch Commander database, which has its own separate login. Now it’s safe to have your junior admin turn ports on and off or move VLANs around without them having the keys to the whole kingdom. You can also filter results so that one switch that has 10,000 ports isn’t so cumbersome to search through.

Lookin’ Fancy!

Look, if you have to stare at a screen all day, the least you can do is make it look nice with your favorite colors, right? And maybe throw on dark mode when it feels like your eyes just need a break from super bright white backgrounds! Well, Switch Commander has several different themes and skins you can choose from, so you can customize the look and feel to how you want it without burning your retinas.

Switch Monitoring & Management with Switch Commander

Doing basic network admin tasks on your switches may not save the world, but Switch Commander will save you valuable time keeping your network humming along, and that’s still pretty great. Download Switch Commander for free today and see how easy it can make your regular switch administration tasks.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

How to Leverage the Principle of Least Privilege for Stronger Network Security

The principle of least privilege (PoLP) is an information security concept that gives applications or users the minimum network permissions required to perform their jobs. PoLP is therefore an important aspect of privileged access management (PAM).

Implementing the principle of least privilege improves network security by avoiding needless exposure. For example, limiting user and employee access reduces the risk of cybercriminals getting hold of critical files.

Having easy access to the most critical assets of an organization is vitally important. The only users with full access should be the current administrator or the executives in the company. For newly hired personnel within the organization, the lowest permission levels should be implemented at the onset. Full permissions should be granted after screening and a background check. Bear in mind that background checks are always cheaper than data breaches.

Why is PoLP Important?

Putting least privilege in place goes beyond having a single or limited number of admins for internal operations. Many organizations give users over-privileged access to information that has nothing to do with them. The bitter truth is that half of the users share their credentials with someone else.

Cyber threats originate inside or outside the organization, and both kinds of attackers operate alike. Criminals from outside leverage user accounts to gain control over endpoints and to acquire targeted access to valuable data. Insiders leverage the access they have or any compromised accounts. With that, they can use data and applications for malicious activities.

The principle of least privilege ensures that access to critical assets and high-value data is protected. It applies not only to users, but also to applications, connected devices, and systems that require access.

The principle of least privilege allows the minimum amount of access necessary for employees to complete their job without restriction. It gives a form of balance, keeps systems safe, and facilitates productivity. 

The primary goals of least privilege include:

  • To bring a balance between usability and security protections. 
  • To implement a minimum access policy for managing and securing privileged credentials.  
  • Flexible controls are needed to balance compliance requirements with cybersecurity, end-user experience, and operational functions. 
  • Users only need access to the minimum amount of required privileges. 
  • There’s a need to give users a frictionless experience while keeping the system highly secure.  

Key Benefits of Least Privilege

Reducing the Potential for Insider Threats

Cyber actors on the inside use their access to get all accessible data for exfiltration or destruction. To prevent an insider threat, use a comprehensive security policy that contains procedures to prevent and detect misuse. There should also be guidelines for conducting misuse investigations, defining potential consequences, and restricting employee access to critical infrastructure. There should be a place for locking up sensitive information and isolating high-value systems that require tightly verified access. If necessary, biometric authentication can be used to prevent employees from using another staff member's key card.

Reducing the Attack Surface

An attack surface refers to all possible points where unauthorized users could gain access to a system and extract data. Organizations with already over-privileged users need to implement the least privilege principle to eliminate unnecessary access. A smaller attack surface is easier to protect. One way to go about it is by determining user roles and privilege levels, to help understand the particular behaviors of users and employees.

Limiting Malware Propagation or Infection

The principle of least privilege prevents malware from spreading on a network. Malware often requires local administrator rights to gain access. Meanwhile, an administrator with access to various network resources has the potential to spread malware to others.  

Having fewer users with elevated rights helps in reducing malware infections. In the event of any attack, it becomes easier to contain, thereby preventing the spread to the entire system. In addition, PoLP reduces users’ ability to install or download unauthorized applications, which can often include malware.

Increased System Stability

Organizations often have to deal with human errors from within the work environment. For instance, an employee could mistakenly tamper with a file and cause major organizational issues. The principle of least privilege is a great way to prevent high-impact human error and thus guarantee greater network and system stability.

Applications running with restricted privileges are less likely to crash the entire system. PoLP also helps limit the downtime associated with a crash or data breach. As a result, an organization practicing PoLP enjoys more stability, enhanced fault tolerance, and improved work productivity.

Challenges with PoLP

Implementing the PoLP comes with numerous benefits, though certain roadblocks can impede its full success. These might include: 

Diverse and Complicated Networks

Least privilege comes with the need to centralize accounts to accommodate users and machines. Modern computing environments use numerous complex platforms, both cloud and on-premise. The implication is multiple endpoints for applications and heterogeneous operating systems. As a result, it becomes quite challenging to guarantee the five most important concerns for the security of an organization’s network.

These five concerns include the constant protection of networking equipment, security from computer operating system attacks, preservation of computer hardware, and maintaining data integrity and confidentiality.

Cloud Computing and Environments

Companies that use cloud environments experience challenges regarding a lack of segmentation, excess privileges, and account sharing due to cloud-native computing. The misconfigurations that stem from cloud permissions often leave an organization vulnerable to potential cybersecurity attacks. Therefore, implementing the principle of least privilege requires strategies beyond a single tool or product.

Default Settings Challenges

Operating systems focus more on ease of use than security. Moreover, the software conditions come with default credentials that are easy to find online. These operating systems shy away from enforcing a minimum access policy as default. The implication is that users have the power to carry out actions like creating backups and deleting files, which can negate the principle of least privilege and expose a network to potential attacks.

How to Implement PoLP

The implementation of PoLP need not be a complex task. A simple restriction preventing end-users from exfiltrating certain information is a good start. Organizations that want to successfully implement the principle of least privilege can start with the following:

  • Conducting privilege audits by reviewing all existing accounts, programs, and processes to ensure there is no loophole.  
  • Starting or converting all accounts to least privilege to put the necessary checks and balances in place.
  • Organizations can also add privileges based on the access required to perform specific tasks.  
  • Separating privileges requires distinguishing between lower-level privilege accounts and higher-level-privilege accounts. 
  • Track and trace user or individual employee actions through one-time-use credentials. It goes a long way to avoid potential damage. 

Examples of the Principle of Least Privilege

The principle of least privilege has opportunities for every level of a system. It covers applications, databases, end users, networks, systems, processes, and all other facets of an IT environment. Here are some examples of accounts that need PoLP:   

  • User Accounts: The principle of least privilege only gives users or employees the necessary rights for carrying out their tasks or responsibilities. If the user’s computer gets compromised, it limits the lateral spread of that threat. A major challenge arises when an employee has root access privileges, which can cause  
  • MySQL Accounts: When several accounts perform unique tasks, a MySQL setup needs to follow the PoLP. When the online setup allows users to sort data, a MySQL account with only sorting privileges becomes a necessity. That way, a hacker who exploits the account only gains the power to sort records. However, there is a big problem if the account has the power to delete records, as the hacker then has the ability to wipe out the entire database.
  • Just in Time Accounts: Users who rarely need root privileges should only receive reduced privileges the rest of the time. Organizations must make it a policy only to retrieve passwords from a vault when needed. Using disposable credentials equally goes a long way to guarantee cyber security. It serves as a great way to increase the traceability of a network. 
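
The MySQL case above can be checked mechanically as part of a privilege audit. The following Python script is an added example, not code from Portnox: it parses SHOW GRANTS output (MySQL 8.0 backtick format assumed) and reports privileges beyond what each account's role needs. The account names, the role policy and the sample grants are constructed for illustration.

```python
import re

# Assumed policy for this example: the privileges each account's role needs.
ROLE_POLICY = {
    "web_sort": {"SELECT"},                          # the read-only "sorting" account
    "order_writer": {"SELECT", "INSERT", "UPDATE"},
}

# Constructed sample of SHOW GRANTS output, one statement per line.
SAMPLE_GRANTS = """\
GRANT USAGE ON *.* TO `web_sort`@`10.0.0.%`
GRANT SELECT, DELETE ON `shop`.`orders` TO `web_sort`@`10.0.0.%`
GRANT USAGE ON *.* TO `order_writer`@`10.0.0.%`
GRANT SELECT, INSERT, UPDATE ON `shop`.`orders` TO `order_writer`@`10.0.0.%`
GRANT ALL PRIVILEGES ON *.* TO `legacy_app`@`%` WITH GRANT OPTION
"""

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"`(?P<user>[^`]+)`@`(?P<host>[^`]*)`(?P<opt>\s+WITH GRANT OPTION)?\s*$"
)


def parse_grants(text):
    """Return ({user: {privilege: set(scopes)}}, [lines that did not parse]).

    Accounts are keyed by user name only; hosts are ignored for brevity.
    """
    accounts, unparsed = {}, []
    for line in text.splitlines():
        line = line.strip().rstrip(";")
        if not line:
            continue
        m = GRANT_RE.match(line)
        if not m:
            unparsed.append(line)   # never drop a grant silently in an audit
            continue
        privs = accounts.setdefault(m["user"], {})
        # Split on commas that are not inside a column list such as SELECT (`a`, `b`).
        for part in re.split(r",\s*(?![^()]*\))", m["privs"]):
            name = re.sub(r"\s*\(.*\)$", "", part).strip().upper()
            if name == "USAGE":     # USAGE means "no privileges"
                continue
            privs.setdefault(name, set()).add(m["scope"])
        if m["opt"]:
            privs.setdefault("GRANT OPTION", set()).add(m["scope"])
    return accounts, unparsed


def audit(text, policy=ROLE_POLICY):
    """Return findings as (account, issue, detail) tuples."""
    accounts, unparsed = parse_grants(text)
    findings = []
    for user, privs in sorted(accounts.items()):
        if user not in policy:
            # An account nobody has defined a role for is itself a finding.
            findings.append((user, "no-policy", sorted(privs)))
            continue
        excess = set(privs) - policy[user]
        if excess:
            findings.append((user, "excess", sorted(excess)))
        # Even an allowed privilege is too broad when granted on every schema.
        global_scope = sorted(p for p, scopes in privs.items() if "*.*" in scopes)
        if global_scope:
            findings.append((user, "global-scope", global_scope))
    for line in unparsed:
        findings.append(("?", "unparsed", [line]))
    return findings


if __name__ == "__main__":
    for account, issue, detail in audit(SAMPLE_GRANTS):
        print(f"{account:12} {issue:12} {', '.join(detail)}")
```

Grants in a format the parser does not recognise are reported as findings rather than skipped, so an incomplete audit is visible.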

Final Thoughts

Network security best practices call for implementing the principle of least privilege. It serves as an efficient method for ensuring mission-critical data does not fall into the wrong hands. With such high stakes, it is crucial to learn how to properly implement PoLP across your organization’s network.

Enhancing OT Security Without Disrupting Operations

What is Operational Technology?

Cybersecurity has come a long way in the recent past. Its importance is felt in all aspects of modern life, both personal and industrial. The current digital and network advancements are steadily pushing Information Technology (IT) and Operational Technology (OT) towards integration. While IT systems interact with each other for data-centric computing, OT systems involve hardware and software that monitors or controls physical devices and processes to detect or cause changes in an industrial environment or enterprise.   

OT plays a significant role in Industrial Control Systems (ICS) and encompasses a wide variety of programmable systems such as Supervisory Control and Data Acquisition systems (SCADA) and Distributed Control Systems (DCS). These are found in many aspects of the environments we interact with daily, which makes keeping these systems secure a top priority.  

Industrial systems traditionally have relied on human monitoring and management through proprietary control protocols and software. Today, however, more industrial systems are automating these processes in a bid to boost efficiency and deliver better and smarter analytics through the convergence of OT and IT systems. This fills in the gap that previously isolated OT from IT. This bridge ensures that the information passed down to the people, sensors, devices, and machines is accurate and on time.

How IoT Adoption Affects OT Systems

Anyone who has been around long enough to see how the internet and modern technology have changed the world can attest to its benefits. The shift to making most aspects of human life ‘smart’ has had both positive and negative effects. In a bid to make OT systems more efficient and reliable, most people have adopted integrated enterprise software and analytic data services. This makes processes and systems such as cooling more efficient, and makes monitoring devices easier and more cost-effective.

This action comes with one main downside: an increase in security risks. The connection of these systems leaves industrial networks and components vulnerable to OT security deficiencies such as lack of encryption, buffer overflow, backdoors and other tailored attacks on physical components.

The digital attack surface also grows massively. For instance, in a configuration where things go through a switch, it would be difficult to monitor the traffic or detect changes. This makes the network vulnerable to targeted attacks. Some economies or communities could face utter devastation should their industrial systems be attacked due to the high cost of some of the industrial equipment.  

On the brighter side, industrial networks can be protected without risking non-compliance or disruption of operations. While IT security deals with data flow and its protection, OT security is focused on the safety and efficiency of industrial operations. By implementing proper security strategies and policies that ensure the visibility of all network control traffic, you can effectively reduce security risks and protect operations. 

Modern OT Security Approaches

The integration of OT and IT systems has led to the development of OT security. This is done in a bid to protect lives and assets and ensure that there is no operating downtime leading to production losses. The common standards and practices for secure OT systems are detailed by bodies such as The National Institute of Standards and Technology and the UK’s National Cyber Security Center. Their reports have detailed information on OT risk management, vulnerabilities, recommended practices and guidelines. These form the framework for different ways to secure OT systems.

When protecting OT systems, one must first understand the vulnerabilities that they face. Now that OT, IT, and IoT systems have become part of an indistinguishable system, any margins of error could mean a collapse in the whole network. Some of the ways OT networks are compromised by malignant elements include:   

  • Unauthorized Changes: This could consist of disabling safety sensors and alarms. This also increases the risk of bad actors inputting instructions that could lead to downtime. 
  • Interference With Critical Infrastructure: Access to sites and operational systems should only be granted to authorized personnel. Interference with control units and equipment protection systems could lead to irreparable damage.
  • Manipulation or Modification of Sent Information: Hackers use this technique to disguise unauthorized changes and breaches as they penetrate the system. 

It is always essential to understand that attacks could come from within. It could be rogue employees with infected USBs or even poor coding. This means that industrial security has to be both preventive and offensive. Apart from the conventional security protocols, OT protection must be based on a fully visible IT/OT infrastructure. This means employing monitoring and analysis tools that can detect even the most minute anomalies.  

Best Practices for OT Security

An efficient OT security plan should incorporate three main levels of protection and include the following practices: 

Using Next-Generation Firewalls (NGFW) in OT Networks

Traditional firewalls had their drawbacks in terms of network speed, awareness limitations and their inability to adapt to new threats. Next-Generation Firewalls (NGFWs), on the other hand, offer the best security against threats by giving you complete control of the industrial systems. These firewalls are made to meet any configuration in the ICS for maximum visibility and monitoring. Organized architecture in terms of control ensures efficient and uninterrupted workflow.  

Having Efficient System Restore Plans

Should there be any breaches or failures of certain components within the OT network, there should be protocols to restore functionality without delaying operations. The SRP should take the least amount of time. Moreover, despite the conditions or challenges faced, the industrial environment should be designed in a way that ensures operations can continue running, awaiting restoration. This means enabling the workforce access to manual control and emergency operations.  

Risk-Based Vulnerability Management

The RBVM system provides comprehensive information on possible threats and the extent of their effects. In collaboration with network analytics such as mapping and constant monitoring, it is possible to anticipate the risks that the threats pose and prepare the security team with efficient responses or possible SRP.

These layers of protection also need to be coupled with other general security practices. For instance, access to OT network devices and systems should be restricted to authorized parties. This can be achieved by separating the corporate network from the OT network. On the other hand, remote access solutions should be available.

Remote access is a contentious security measure. One of the channels used by bad actors is the backdoors that remote access leaves. To counter this vulnerability, remote access sessions can be restricted and monitored by time and user activity. When it comes to safeguarding data, the best solution is encryption. Backups and restore points also need to be in place. Using these tools and security protocols means that the OT network remains secure while the industrial environment remains fully operational. 

What the Future Holds for OT Security

The best part of technology is its nature and tendency to evolve. This means that cybersecurity will only get better. At the moment, OT security faces a couple of minor setbacks primarily due to its nature, a fact that is evident in the design of these systems. Since they are meant to run for years, the focus is placed more on their reliability than on security. As more OT systems are connected to a network, their lack of initial security and use of legacy protocols pose significant risks.

As mentioned, however, the beauty of technology is adaptation. To maneuver these challenges, businesses are adding newer devices to their OT enterprises and taking OT cybersecurity seriously. It is clear that the future of OT security is bright due to the growing investment in OT security. Professionals in this sector are increasing in number every day after its necessity was realized.  

Cloud technology has also improved the industrial environment by connecting workplaces. This game-changer is poised to boost production and ensure efficiency while still maintaining low production costs. 

Controversial as it may sound, even hacking and other unauthorized breaches help increase OT security. This inverse effect is due to the fact that by revealing the gaps and vulnerabilities in the system, light is shed on the areas that require patching or even upgrading.

Final Thoughts on OT Security

In conclusion, every party involved in this industry must acknowledge the need for upgraded and efficient OT security solutions. There is a need to pool resources and specialize in OT Cybersecurity if its development is to be sustainable and future-proof.

CISA Urges Organizations to Prepare For Future Quantum Threats

As the world anticipates quantum computing, many believe it has potential benefits for every industry. Equally excited and awaiting its rollout is the hacker community, who could use these powerful quantum computers to compromise the digital systems we use daily, including online banking and email software.

The US Cybersecurity and Infrastructure Security Agency (CISA) has already warned that organizations need to take action to protect network infrastructure for the transition to post-quantum cryptography.

Many governments believe that quantum computers can be used to break public-key encryption methods that countless networks use today. A fully-functioning and stable high-qubit quantum machine could potentially wreak havoc across the internet. It will lead to the vulnerability of secure networks and loss of public confidence in major institutions and businesses.

The good news is that these governments are developing post-quantum encryption schemes. For instance, the US National Institute of Standards and Technology (NIST) has been running a multi-year effort since 2016 calling upon cryptographers around the world to devise quantum-resistant encryption methods. It aims to standardize one or more quantum-resistant cryptographic schemes to foster a transition to seamless security for the general public.

What is Quantum Computing?

Quantum computing focuses on the development of computer-based technology hinged on the principles of quantum theory. Experts believe the present experimental quantum computers can render the conventional system obsolete. Its benefits include advanced research, higher-level simulation, and accelerated growth of artificial intelligence models.

Is Quantum Computing a Risk?

Despite these promising benefits, there are concerns about some negative implications which include ethical and security risks for businesses, quantum attacks from hostile nation-states, and exacerbating current issues like data harvesting.

CISA’s Stance on Quantum Threats

CISA asserts that critical infrastructure is more at risk largely due to the public-key cryptography that U.S. networks rely on to secure sensitive data.

CISA provides insight to all critical infrastructure owners to have a successful transition in their Post-Quantum Cryptography Roadmap. The roadmap stipulates the following measures:

  • Taking actionable steps like inventory assessments of current cryptography technologies.
  • Developing acquisition policies for post-quantum cryptography.
  • Training staff about the upcoming transition from conventional to quantum computers.
  • Increasing engagement with standards developments relating to necessary algorithms and dependent protocol changes.
  • Managing inventory assessments and the security of critical datasets for an extended time.
  • Organizations must identify systems where public key cryptography is used and mark these systems as quantum vulnerable.

Preparing Organizations for the Quantum Threat to Cryptography

Many believe the time to worry about quantum computer threats is in a decade, but it’s sooner than we think. The process of adopting new standards usually takes years, so it is crucial to begin planning for quantum-resistant cryptography now.

Organizations need to make arrangements and budget for a transition plan. This should include upgrading IT systems and deploying standardized quantum-resistant cryptography. They also need to be aware of how vendors plan to upgrade software and hardware. The preparation process should include software upgrades, and system patch delivery to systems using cryptography. They should also ensure the security of these upgrades and authenticate the source.

Moreover, organizations need to take advantage of agencies promoting awareness of quantum computers’ impact on cryptography. These agencies also provide steps to prepare for the transition to quantum-resistant cryptography when it comes.

The agencies partner with others to evaluate the next generation of quantum-resistant cryptography. The aim is to replace current cryptographic applications.

The Challenges With the Quantum Resistance Ahead

New technologies come with new opportunities and new risks — and quantum computers are no exception.

Building a large-scale quantum computer already has several challenges – fabrication, verification, and architecture. The technology derives its power from the ability to store a complex state in a single bit. Unfortunately, this also rather complicates the process of building, designing, and verifying. The verification issue is a cause of concern since it affects communication mechanisms, control circuitry for quantum operations, and more. Moreover, there’s no telling if it impacts the security of data within the technology itself.

Code breaking is another area of focus. A straightforward way to break codes on conventional computers is to try all possible keys, but this is a long and difficult process. Quantum computing uses Grover’s algorithm to speed up this process. Another method, Shor’s algorithm, is capable of breaking or weakening cryptographic algorithms within hours.
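As an added illustration (not part of the original article), the sketch below applies the Grover and Shor distinction to the inventory step described earlier: it marks each entry of a constructed inventory as quantum-vulnerable, weakened, or adequate. The system names, algorithm labels, status labels, and the 128-bit threshold are all assumptions made for the example.

```python
import re

# Families resting on factoring or discrete logs: Shor's algorithm solves both
# in polynomial time on a large quantum computer, so key size does not help.
SHOR_BROKEN = {"RSA", "DSA", "DH", "DHE", "ECDH", "ECDHE", "ECDSA", "ED25519", "X25519"}
# NIST-standardized post-quantum schemes (FIPS 203 and FIPS 204).
POST_QUANTUM = ("ML-KEM", "ML-DSA")

def symmetric_key_bits(name):
    """Key length for the symmetric ciphers this sketch recognizes, else None."""
    aes = re.match(r"AES[-_]?(\d+)", name)
    if aes:
        return int(aes.group(1))
    if name.startswith("CHACHA20"):
        return 256  # ChaCha20 always uses a 256-bit key
    return None

def classify(algorithm, min_bits=128):
    """Return (status, estimated security bits against a quantum attacker)."""
    name = algorithm.strip().upper()
    if name.startswith(POST_QUANTUM):
        return ("quantum-resistant", None)
    key_bits = symmetric_key_bits(name)
    if key_bits is not None:
        # Grover: 2^k keys searched in about 2^(k/2) steps (idealized bound).
        effective = key_bits // 2
        return ("adequate" if effective >= min_bits else "weakened", effective)
    if re.split(r"[-_ ]", name)[0] in SHOR_BROKEN:
        return ("quantum-vulnerable", 0)
    return ("needs-review", None)

# Constructed sample inventory: (system, algorithm) pairs, all hypothetical.
INVENTORY = [
    ("vpn-gateway", "RSA-2048"),
    ("patient-portal-tls", "ECDSA-P256"),
    ("backup-archive", "AES-128-GCM"),
    ("db-at-rest", "AES-256-GCM"),
    ("ssh-bastion", "X25519"),
    ("pilot-kem", "ML-KEM-768"),
    ("legacy-app", "3DES"),
]

def mark_inventory(inventory):
    """Map each system to its classification."""
    return {system: classify(algorithm) for system, algorithm in inventory}

if __name__ == "__main__":
    for system, result in mark_inventory(INVENTORY).items():
        print(f"{system:20} {result}")
```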

The potential for harm from quantum threats here becomes huge. Once encryption methods are broken, trust in data transmission erodes. Cybercriminals will find it easy to create bogus certificates that vouch for the validity of a digital identity.

The technology’s effect would render communications as insecure as if encoding didn’t even exist. While there are a lot of worries about quantum computing, these fears remain hypothetical. Today’s quantum computing cannot break any commonly used encryption methods. However, concern for the vital security of our global network infrastructure and data drives the immense effort to counter a potential future of quantum threats.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Why Is the Healthcare Industry the Most Likely To Pay Cybercriminals for Ransomware Attacks?

Times are looking more brutal than ever for one of the world’s most critical industries. Ransomware attacks are skyrocketing, and healthcare organizations are increasingly cut off from much-needed cybersecurity insurance.  

But just how bad is the situation? A recent Sophos survey found that 66% of healthcare organizations were hit with a ransomware attack in 2021, up from 34% in 2020. Perhaps more alarming, healthcare organizations pay the ransom more often than any other sector (just over 60% compared with a cross-sector average of 46%). So, what’s going on here? Why is healthcare most likely to pay up in ransomware cyber-attacks?

Why Do Cybercriminals Target Healthcare Organizations?

Healthcare organizations are a lucrative target for cybercriminals because medical records are a treasure trove of sensitive information. The Health Insurance Portability and Accountability Act (HIPAA) classifies various patient information, including Social Security Numbers, contact information, credit card information, and more, as protected health information (PHI). And PHI is one of the most valuable types of data out there.  

Beyond PHI’s higher selling price, healthcare organizations are more likely to be targeted with a ransomware cyber-attack because they’re more likely to pay the ransom. But why? 

Holding Someone’s Life in the Balance

Here’s the bottom line. We all understand why paying the ransom is bad; it feeds the hackers and incentivizes them to continue hacking, making the problem worse for all. However, not paying the ransom isn’t so simple in reality.  

In some industries, data provides a competitive advantage, but in healthcare, losing access to critical data and systems can put patients’ lives in danger. In other words, healthcare organizations aren’t blind to the ethical issues with paying ransoms, but getting their services back online quickly is often their top priority. When you consider that the average downtime a company experiences following a ransomware attack is 7-21 days, it’s not hard to see why healthcare companies cave to pressure.

Medical Devices Can Present an Easy Entry Point for Ransomware Attacks

The healthcare security landscape is made increasingly complex by medical devices and the Internet of Medical Things (IoMT). Medical devices like insulin pumps, wearable biosensors, smart thermometers, and other remote patient monitoring technology play an increasingly vital role in the industry. However, these new devices open up worrying new entry points for attackers.

As a relatively new industry, IoT still lacks strong security guidelines that help govern and secure other types of tech. At the same time, security is often not the primary concern in the development of new IoT and IoMT devices. Why? Because manufacturers want to maximize functionality while working with limited compute and hardware, which leaves minimal space for robust security and data protection measures.   

More often than not, these devices don’t store patient data. However, attackers can leverage these devices to gain access to other network resources, like a server that does hold sensitive data. Once attackers gain access to the network, they can exfiltrate data or, increasingly, install costly ransomware.   

Beyond IoMT, other complexities of the healthcare IT environment can leave healthcare companies vulnerable to cyber-attacks. For example, the need for efficient and widespread access to critical patient data across systems means two-factor authentication and zero trust defenses aren’t always feasible. 

An Increase in Ransomware Attacks is Making it Harder to Get Cybersecurity Insurance

Ransomware attacks are on the rise, healthcare IT environments are more complex than ever, and the cybersecurity skills gap puts in-house cybersecurity teams under immense pressure. With this dire picture in mind, healthcare organizations increasingly turn to cyber insurance to protect their vital assets and minimize cyber-attack damage. But there’s a problem – obtaining coverage is becoming more challenging.  

The Sophos report found that 51% of respondents said the level of cybersecurity needed to qualify for cyber coverage is now higher than in the past. At the same time, cyber insurance is becoming increasingly expensive.  

Ransomware attacks are a significant cause of changes we’ve seen in the cyber insurance market in recent years. Ransomware is now the largest driver of cyber insurance claims, and with attacks increasing, ransom payouts have soared. As a result, many cyber insurance providers have found themselves unable to keep up and have left the industry altogether. The ones that remain are changing their limits, coverage, and pricing to manage the increased risk.   

This has led to a seller’s market, where the dwindling number of providers hold all the power. They can charge what they want and be selective about who gets coverage. And unfortunately, many healthcare organizations aren’t meeting the selection criteria.  

Equally concerning is that threat actors monitor organizations’ relationships with cyber insurance companies. According to Reuters, some ransomware attackers check whether potential victims have policies that make them more likely to pay the ransom.

However, the competitiveness of the cyber insurance market does seem to be having some positive effects. Over 95% of healthcare respondents said they have made improvements to their cyber defenses to boost their cyber insurance prospects. For example, nearly half of the covered respondents implemented new security processes and increased staff training.

Despite the concerns surrounding cyber insurance, it’s crucial that healthcare organizations understand that cyber insurance isn’t a band-aid for weak cybersecurity. Instead, healthcare organizations need to deploy robust cybersecurity defenses that enable a speedy recovery from a cyber-attack, as well as backups and endpoint detection and response solutions.

Wrapping Up

The healthcare industry has had a tough few years with COVID-19, rising staff shortages, increased demand for telehealth, and a constant onslaught of ransomware attacks. If the healthcare industry wants to lose its number one spot as the industry most likely to pay ransoms, it needs to take a more rigorous approach to cybersecurity. The cybercriminals will stop trying (or trying in colossal numbers) when the work becomes too hard and the reward too low. As it stands, healthcare is the low-hanging fruit for cybercriminals in 2022.
