Building stronger immunity to cyber threats is a collective responsibility

Prevention is better than cure – an adage that remains relevant today as Australia’s healthcare industry continues to struggle with delivering herd immunity against cyber risk.

When the ICT systems of Melbourne’s Eastern Health were attacked by hackers last month, the organisation was quick to reassure and confirm that patients were not at risk. However, the incident highlighted major security vulnerabilities, resulting in significant disruption to its hospital network, including the cancellation of elective surgeries, and not to mention unnerving staff and vulnerable patients.

Protecting digital-health progress

In today’s digitally driven environment, applying smart technologies is crucial in improving operational efficiencies that deliver better patient outcomes. The COVID-19 stress-test experienced in 2020 accelerated investments in new infrastructure and software solutions to ensure healthcare practitioners and patients could stay connected. This included the launch of specialist cloud-based platforms such as Microsoft Cloud for Healthcare, providing more efficient booking and triage processes, enabling tele-health consultations and digital follow-up.

The speed of digital adoption seen in healthcare was experienced across most sectors, facilitated by the adoption of hybrid cloud and the need for collaboration tools such as Microsoft Office 365 applications. Unfortunately, the speed and scale of cloud adoption has also presented transitional gaps – and opportunities for adversaries to exploit.

A new global study by Vectra AI has revealed that 71% of Microsoft Office 365 deployments suffered an average of seven malicious account takeovers in the 12 months to February 2021. A user account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organisation’s network. Cybercriminals rarely act alone – from sharing infrastructure to being part of entire syndicates dedicated to sabotage, forcing organisations to constantly review and renew their security policies.

With expanded use of Microsoft Office 365 during COVID-19, the main concern of security professionals is now the risk of data being compromised and the ability for hackers to hide their tracks by using legitimate Microsoft tools.

Bridging the knowledge gap

Constantly evolving threats require an around-the-clock effort and highly specialised skills to bolster cybersecurity, particularly within a hybrid cloud environment. Typically, most healthcare organisations have lean IT teams and lack the cybersecurity expertise required to pre-empt and mitigate sophisticated threats, placing enormous strain on what is potentially an already limited resource.

Our survey found that just one in three security professionals believe they could identify and stop an account takeover attack immediately; the majority expect to take days or even weeks to intercept such a breach.

I’ve outlined some best-practice tips to think about when strengthening your organisation’s immunity to internal and external threats:

It’s not enough to just invest in the tools; it is also important to build knowledge and establish stringent governance frameworks. That’s where vendors with true cybersecurity expertise drive value, helping organisations to not only draw upon expertise and intelligent, AI-driven detection tools but to also gain deep visibility into security and compliance gaps.

It is imperative that organisations truly understand their new enterprise network. We have seen perimeters of the network vanish during 2020 as organisations have shifted to the cloud; the modern enterprise network is now Datacentre, IaaS, SaaS and PaaS. It is vital that the enterprise has visibility into all these networks and be able to track attackers as they pivot through these environments. We must build detection and response capabilities that can shine a light into all these environments and track attacker behaviour as they attempt to move laterally through them.

It is critical to not only identify attackers as they pivot through the modern network, but also to have the ability to respond rapidly and in a consistent way across all network stacks, be that IaaS, SaaS, PaaS or Datacentre. The only way to achieve this is via prioritisation of incidents leveraging AI and automation. This will bolster the limited capacity of the security operations centre, giving it the best chance to drive down metrics such as mean time to remediation, therefore reducing the impacts of attackers and reducing the risk of a widespread breach.

Building a more secure future for healthcare providers  

Combatting cybercrime is a priority not only for the healthcare sector but has rapidly become a matter of national interest and security. With global rollouts of COVID-19 vaccines in progress, and as new cyber threats continue to expose network infrastructure vulnerabilities, never has this defence been more crucial.

With a scarcity of talent and a rapidly evolving threat landscape, many industries including the healthcare sector struggle with closing the gap between attacker and responder. Entities need to focus on their networks and maintain good cyber hygiene to reduce the noise coming into security operation centres.

Unless security investments are made into response capabilities, the gap between attacker and responder will continue to grow.

Chris Fisher is head of security engineering for Vectra.ai in the Asia Pacific and Japan markets.