Digitization and digital transformation in healthcare are delivering amazing advances in everything from diagnostic imaging and patient monitoring to medication safety, insurance claims processing, medical devices, and genetic research. As healthcare organizations reap significant benefits from innovation, they also must protect themselves and their patients from cyber attackers who develop increasingly sophisticated attack tools and methodologies.
What do enterprise security teams have in common with Hannibal at the Battle of Cannae in 216 B.C.? A lot. Both face an onslaught of adversaries. Both have valuable reputations and territory (or markets) at stake. And both need a way to outdistance enemies by enlisting new tactics. With today’s cyberattacks, yesterday’s approaches are not enough. As it did for Hannibal, deception offers a way to turn attackers’ own methods against them. The history of deception shows that weapons and tactics might change, but the ability to make an adversary act on something that isn’t real offers modern enterprise defenders a new arsenal of tools.
It goes without saying that rigorous security controls are irreplaceable. But no matter how strong an organization’s cybersecurity defenses are, determined attackers will still get in. Whether malicious insiders or external actors, persistent attackers fly below the radar and reside for months inside a network. They’re patient, studying the infrastructure and carefully planning their attack because what they’re typically after are the crown jewels of your business: essential data volumes, intellectual property, financial transactions, or revenue-dependent business operations.
The risk of an Advanced Persistent Threat (APT)—the possibility of an advanced cyber attacker moving under cover in an enterprise network—keeps CISOs awake at night. But it's making more C-level executives and their board members restless, too, because of the potentially massive damage advanced attacks can cause to business reputations, critical systems, data manipulated or stolen and operations compromised. Boards and senior execs are demanding better accountability and assurances that their organizations are adequately protected.
The second and third most common inhibitors to better cyber defense, according to the 2017 Cyberthreat Defense Report are “the shortage of skilled personnel and too much data for IT security teams to analyze.” The two are undoubtedly related.
By annually tracking the cost of data breaches, Ponemon Institute has helped instill broad awareness that these costs continue to increase. As noted in our report earlier this year, Ponemon also offers some insight on steps companies can take to minimize these costs, citing the positive impact of investment in pre-established incident response teams, employee training, and enhanced encryption.