It shouldn’t come as a surprise that 2019 has continued the upward trend in cyber crime, but Bitdefender has revealed just how extensive the threat is.
Its Mid-Year Threat Landscape Report 2019 revealed that 24% of organisations suffered a breach in the first half of the year.
Meanwhile, many of those that haven’t reported an incident admit it’s possible that they’ve suffered one but don’t know it yet.
Healthcare industry the most vulnerable
Bitdefender’s figures show that every industry has faced a barrage of attacks but that the healthcare sector is the worst affected.
Our research supports this, having identified 135 data breaches in healthcare organisations since June 2019. This makes it by far the most vulnerable sector, ahead of the public sector (99) and the education sector (80).
The most common causes of these breaches are ransomware and vulnerabilities in medical devices.
We’ve logged more than 100 ransomware attacks since the start of 2019, but that doesn’t include countless organisations that have hidden attacks for fear that disclosure will expose them as a target for further attacks.
Attacks have grown in frequency as it has become easier to purchase off-the-shelf ransomware tools and easier to extort victims.
Organisations’ reliance on digital files means that infections cause greater damage – at least for those that don’t have backups. Those organisations put themselves in a position where paying up is the only realistic path to restoring their systems.
Unfortunately, rewarding cyber criminals fuels their operations and encourages them to launch further attacks.
The other major threat facing the healthcare industry is vulnerabilities in medical devices – although a similar problem exists in most industries.
Healthcare providers are using technology such as state-of-the-art Internet-connected heart monitors to gather information faster and more comprehensively, but they aren’t doing enough to ensure these devices are secure.
This creates the possibility of a cyber criminal hacking the device to access patient information, which raises serious privacy concerns but could also put lives in danger.
The stakes aren’t quite as high when it comes to, say, installing the new office printer or creating a new Cloud database, but there’s still a serious threat that needs to be addressed.
One of the most effective ways of doing this is with penetration testing. This is essentially a controlled form of hacking in which the ‘attackers’ operate on your behalf to find the sorts of weaknesses that criminals exploit.
Penetration tests help you spot weaknesses that result from poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.
They should be conducted by professional testers at least annually and whenever you make significant changes to your systems.
Staff training is just as important
Another vital aspect of cyber security is staff awareness training. After all, it’s no good securing your organisation from sophisticated criminal hackers if an employee dumps the sensitive information in their lap thanks to an email sent to the wrong recipient.
Sadly, many organisations are having a hard time teaching those lessons – and the problem comes from the top.
Bitdefender’s report points to the cyber security skills gap as a major contributing factor to the rise in data breaches.
The shortage of qualified cyber security personnel is expected to hit 1.8 million by 2022 – a 20% increase from 2015 – meaning knowledge is being spread thinner and thinner, and organisations have fewer people to lead the way.
Fortunately, IT Governance can give your staff the expertise they need. Our Information Security and Cyber Security Staff Awareness E-Learning Course provides a comprehensive overview of the most important threats employees face.
This online course is the perfect way to introduce employees to concepts such as malware, phishing, social media scams and internal vulnerabilities.