Technology Security: The Game Changer for All Business
In today’s reality, nation-states and their criminal partners can disrupt commerce and defenses in the free world from the safety and comfort of their computer desks. Their prime targets are not top-secret space weapons but everyday businesses and business systems, and healthcare organizations are just as vulnerable as any other industry. Hospitals, smaller providers, health plans, and business associates can all become targets of cyber-espionage, so it is up to every business decision-maker to understand the threats.
Cyber-espionage against businesses is safer, easier and often more effective than targeting governments. Industrialized nations compete for world dominance in economic markets, so cyber-espionage is being used against businesses to gain competitive advantage.
Cyber-warriors target small and mid-sized businesses because they tend to have weaker defenses than critical government or military organizations. Business systems now connect with partners of all sizes, so a mid-size or small business network may provide the opening that offers cyber-attackers a path into a business partner’s networks, either immediately or in the future.
Smaller organizations can also hold personal data on customers or employees that could be used to coerce individuals into revealing security codes and other sensitive information. For example, if medical records revealed an official in a key position had an alcohol problem or financial records revealed a gambling problem, that person might be coerced into revealing industrial plans, network passwords, or other sensitive information.
Healthcare records have also been a favorite target for cybercriminals for years. A healthcare record is worth a lot more than credit card data because armed with healthcare data, it becomes a lot easier for criminals to create a fake identity. Obviously, espionage agencies belonging to various governments have an interest in being able to create fake identities as well. In addition, those agencies are probably trolling for sensitive data relating to the health of government officials. Knowing a government official has a heart condition or an addiction to a specific substance can be useful in any negotiation.
The average IT department in a healthcare organization now finds itself combating both organized cybercriminals and espionage agencies. The latter are particularly troubling because they have access to the kind of tools and resources required to launch attacks at scale. In fact, while the Anthem breach might be the largest ever publicly acknowledged one in the healthcare industry, it’s probably only a matter of time before an even larger breach gets discovered.
Defending Against Cyber Espionage
How can an organization defend against the growing threat of cyber-espionage? Tactics of cyber-warfare are the same as any other kind of cyber-crime, even if the ends are different, so defensive best practices are also the same. Small business and health organizations should ensure:
- They partner with information security experts to fully understand the threat landscape while leveraging their visibility across their entire client base.
- They know which assets need to be protected and the associated operational risk of each.
- They know where their vulnerability lies.
- They understand the adversaries, evolving tactics, techniques, and procedures allowing you to reshape your defensive countermeasures as required.
- They ensure critical infrastructure suppliers have not been compromised and have safeguards in place to ensure the integrity of systems provided by these suppliers.
Most cyber-espionage attacks are multi-stage, you need awareness programs and training programs to help employees and possibly customers avoid becoming victims of social engineering, and you should keep them aware of social engineering scams. Figure cyber-warfare into your incident response plans, as you would for any other breach risk, because threats are real, and national security and your organization’s survival may rest on them.