Survey evaluates confidence in seven key security controls required to detect cyber attacks
A global study has revealed that healthcare IT professionals underestimate the threat of cyber attacks and are overconfident in their ability to tackle the growing problem.
Tripwire this week announced the results of an extensive study conducted by Dimensional Research exploring the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress.
A total of 763 people responded to the study across a number of industries, including 101 from the healthcare sector.
The results show healthcare IT professionals are overconfident in their ability to quickly collect the data needed to identify and remediate a cyber attack. For example, while less than half of the respondents (49%) know exactly how long it would take their vulnerability scanning systems to generate an alert if unauthorised devices were detected on their networks; 90% believe they would be alerted within hours.
According to Verizon’s 2016 Data Breach Investigations Report, while 63% of successful system compromises in the healthcare industry occurred within minutes, 56% of data breaches impacting the health care sector took months to detect.
“There’s no argument that these basic controls work and contribute directly to an organisation’s cyber security, yet the research shows they are not in place at enough healthcare organisations,” said said Tim Erlin, senior director of IT security and risk strategy at Tripwire.
“This is occurring at a time when the healthcare industry is facing unique cyber threats, from physical theft to sophisticated ransomware campaigns.”
Additional findings from the study included:
Erlin said: “The basics of finding unauthorised devices and vulnerabilities and applying patches in a timely manner should be done at every organisation in order to create a baseline of cyber security.
“These fundamental controls should be in place before organisations look at the latest shiny security object.”
To combat the problem trusts are urged to ensure they have the following:
When implemented across an organisation, these controls deliver specific, actionable information necessary to defend against the most-pervasive and dangerous cyber attacks.