Hackers are now targeting the US healthcare system on a daily basis. Data breaches are serious problems with business-crippling results. Some Healthcare organizations are unaware of the multiple ways cybercriminals can attack and are often unprepared to combat the issues that arise when such activities occur. Others let fear of attack control their response and deploy common solutions that they presume will protect them but may later find themselves compromised because of gaps in their data protection approach. Cybercriminals thrive on both of these scenarios – using lack of preparation or overconfidence in what was deployed to their advantage. To thwart the possibility of succumbing to a ransomware attack, companies need to implement the following five defensive strategies, according to experts at Index Engines, leaders in supporting companies in mission-critical information management, cybersecurity and governance challenges.
- Deploy a real-time malware detector – Cybercriminals are looking for the path of least resistance when attempting to break into datacenters. Whether it is a remittance of old attacks hoping to find an unsecure target or one of the many new threats created each day hoping to infiltrate a system before they’ve been identified, having one of the commercially available anti-malware software protection solutions deployed is an important first line of defense. Ensure that the software is scheduled for frequent system scans, and that updates and patches are installed automatically to minimize protection gaps.
- Deploy a backup solution that supports full-content analysis of your data – Many backup products on the market today have some level of analytics functionality to determine whether any particular data has been corrupted. However, many of these solutions are metadata-only based, only looking at basic information about a file or database. Others use metadata analytics on the first pass and then follow up on suspicious results with content-based analytics. But this approach is flawed and can miss more sophisticated attack vectors, providing a false sense of confidence. A comprehensive content-based analytic scan deployed from the start validates the data’s integrity and delivers the high level of confidence that advanced or hidden attacks are found and neutralized.
- Use forensic analysis that include Machine Learning – Because of the efforts of real-time malware detection providers and content-based analytic backup solutions, most cybercriminals have to consistently change approaches in their efforts to infect and attack business operations. What was once a bunch of loosely affiliated opportunists have turned into well-funded and organized syndicates using advanced technologies to re-engineer their attacks. Forensic analysis software that employs machine learning and artificial intelligence as part of its learning can detect patterns and anticipate changes that human-based intervention cannot. The cybercriminals are using ML to their advantage; so should you!
- Don’t Pay a Ransom – Because of the swiftness and scale of these cybercriminal activities, it is possible that they may still find a way into your compute and storage infrastructure. Human error, falling for phishing schemes or intentional damage from a disgruntled employee can be the gaps that data thieves need to penetrate Healthcare organizations that have deployed the proper security defenses. As overwhelming as it may be to find out that your data has been compromised and/or encrypted, don’t play into the hackers’ hands by paying a ransom for a return of your business-critical information. It is possible that you may still not recover your data even after paying. The security exploit that was leveraged may still be intact and cybercriminals may re-target your systems. Criminals may see you as an easy mark for having paid the ransom and have reason to come out you again knowing that you’re willing to pay to get back up and running.
- Focus on best practices for cyber-recovery – Not paying a ransom does not mean that you cannot get your systems back and operational. Nor does it mean that there has to be an excruciatingly long recovery period. The right protection software can turn a ransomware attack into just another disaster recovery scenario. It can find the most recent clean backup prior to an attack and help recover any lost or infected data. In addition, the right cyber-recovery tool can launch a post-attack forensic discovery to find the breach and the malware that executed the attack in order to guide the post-attack recovery process and protect against future intrusions.
Cybercriminals will strike any Healthcare organization, no matter how big or small, if they feel like there is a good chance of collecting a ransom.Taking steps to fortify your defenses and ensure fast, efficient recovery in case you do fall victim is paramount for protecting against ransomware in the first place. Criminals want the easy score. Deploying a solution like CyberSense that serves as a safety net against ransomware makes working for a win not worth the time and effort.
This post has been sponsored by JPR Communications
Jim McGann is Vice President Marketing & Business Development, Index Engines. He has extensive experience with the eDiscovery and Information Management in the Fortune 2000 sector. Before joining Index Engines in 2004, he worked for leading software firms, including Information Builders and the French based engineering software provider Dassault Systemes. In recent years he has worked for technology-based start-ups that provided financial services and information management solutions. Prior to Index Engines, Jim was responsible for the business development of Scopeware at Mirror Worlds Technologies, the knowledge management software firm founded by Dr. David Gelernter of Yale University. Jim graduated from Villanova University with a degree in Mechanical Engineering. He is a frequent writer and speaker on the topics of big data, backup tape remediation, electronic discovery and records management.