industry unlocked
connection will potentially expose the
healthcare system to outside networks
with limited security controls.
What are the risks?
One of the biggest challenges in security
is the rapid evolution of the threat
landscape. To keep track of the latest
threats and challenges, Vectra’s Cognito
platform uses AI to analyse attacker
data. The latest trends were showcased
in the Attacker Behaviour Industry Report
2019, which draws on a sample of 354
Vectra Cognito AI deployments covering
more than three million devices.
The primary focus was behaviours
that indicate threats across all phases
of an attack, particularly advanced,
targeted attacks that include activity
such as command and control,
internal reconnaissance, lateral
movement and privilege escalation,
as well as data exfiltration.
www.intelligentciso.com | Issue 21
The healthcare industry has an unfortunately well-founded reputation as a softer target.
Is ransomware still on the radar?
Public awareness of ransomware
skyrocketed in 2017 after the WannaCry
outbreak locked down millions of
machines around the world. The NHS in
the UK inadvertently became one of the
most prominent victims, with the attack
causing the cancellation of almost 7,000
NHS appointments and impacting an
estimated 19,000 follow-ups. The NHS
racked up costs of more than £20m
dealing with the outbreak in a single
week, with more than £72m being
spent on subsequent clean-up and
upgrade activity.
Nevertheless, we have found
ransomware to now be a less prominent
threat, with the number of incidents
dropping significantly from July to
December 2018. That doesn’t mean
organisations should let their guard
down, as the approach is still used
by many attackers and increasingly in
a more targeted manner. The key to
defence is catching an infection early
in its lifecycle and stopping it from
spreading, as this can prevent files from
being encrypted and stop the attack
from disrupting essential services.
Progressing the attack
Achieving persistence on a compromised
device usually just represents the very
beginning of an attack. After securing
a foothold, intruders will begin to probe