Guest Post: Rethinking Healthcare Cybersecurity by Focusing on the Attacker, not the Attack

Thursday, October 4th, 2018
This post was written by Ofer Israeli

Why are healthcare systems so challenging to secure? What is driving this complexity? How might we rethink our approach?

Healthcare systems, like all digital networks today, are increasingly interconnected and consumer-driven. The digital transformation necessary to make them agile also renders them easy targets for data and identity theft, insurance fraud, and other forms of cybercrime. As the recent spate of ransomware has shown, cyberattacks on healthcare institutions also disrupt vital services and risk patient safety.

Beyond the health organization’s core staff, a wide variety of guests, students, visitors, patients, maintenance workers and others have direct physical access to healthcare systems and devices. Temporary workers and contractors require access to sensitive systems while employed. External interconnection of these systems with universities, research partners, and other remote services further undermines the effectiveness of perimeter and access security controls. Higher and thicker security walls will not support the organization’s need to break down barriers, share information, and increase patient access.

Clearly, a new approach is required. If we cannot stop attacks, then we must stop the attackers. This is not a semantic nuance. The key to protecting healthcare systems in the future will be to transform our thinking: from a focus on defending ourselves against an infinitely expanding phalanx of attacks and attack vectors, to a focus on disrupting the attack process itself, regardless of attack style or source. We must stop the attackers.

As difficult as that might sound at first blush, there is, in fact, a silver bullet that will disrupt the vast majority of attacks. Malicious actors targeting healthcare systems all share a common trait that makes them vulnerable to disruption and detection. Regardless of how they enter a healthcare network, or what their intent is, attackers must move laterally across the healthcare network to access their target applications, devices, systems, and data. To move undetected, they must gather intelligence about the environment and make careful decisions regarding their attack path.

The key then, quite simply, is to disrupt the attacker’s decision-making process—to blind and befuddle them so that they cannot progress their attack. Done well, cyber deception technology disrupts the attacker’s intelligence gathering process, and destroys their ability to make accurate decisions, by flooding the attack plane with false and misleading data. Similar in effect to evasive maneuvers used in aerial combat such as disgorging flak, disrupting radar, and disorienting GPS signals, these new technologies destroy the attacker’s ability to navigate, and ensure they are detected by any movement they do decide to make.

The challenges of securing healthcare systems will continue to grow as attackers, and their tools, methods, and infrastructure, become more sophisticated and diverse. Just as digital transformation is improving efficiency and patient outcomes, the traditional security mindset must be transformed to a modern security mindset. To protect these new system architectures, we must refocus our efforts from defending against attacks to disrupting the attack process itself. Deception offers a promising path forward in this direction.

Ofer Israeli


About the Author: Ofer Israeli, founder and CEO of Illusive Networks, pioneered deception-based cybersecurity. He leads the company at the forefront of the next evolution of cyber defense. Prior to establishing Illusive Networks, Mr. Israeli managed development teams based around the globe at Israel’s seminal cybersecurity company Check Point Software Technologies and was a research assistant in the Atom Chip Lab focusing on theoretical Quantum Mechanics.
