Intelligent CISO Issue 57 | Page 45

industry unlocked that are in place and contractual agreements in the event of a breach . Users of third-party IT services should also know about what services and security practices the vendor can provide as well as train staff on how to properly use new software so that they do not expose the system to cyber-risks .

3 . Checking up on vulnerability reports and alerts . Healthcare providers should be aware of new cyberthreats that can affect their third-party software , devices or assets since these assets can expose systems to various cyberthreats , such as compromising database integrity , allowing unauthorised access and data breaches .

4 . Work with third-party vendors on implementing cybersecurity measures . Healthcare providers should also work with third-party vendors in installing new security programmes , such as installing and configuring firewalls , implementing security controls to restrict unauthorised traffic and using security patches from third-party security providers .

In addition , Singapore plans to expand the Cybersecurity Act to improve awareness of threats in cyberspace , protect virtual assets that support essential services and include Non-Critical Information Infrastructures ( Non-CIIs ) that play an important role in the digital economy . It is also looking to update the Cybersecurity Code of Practice for CIIs , which includes the healthcare sector , to help CIIs improve their defence against more sophisticated cyberthreats .

The role of intelligent privileged controls

Privilege escalation is the number one attack vector of risk for healthcare organisations today . Using stolen credentials , attackers can begin moving through systems looking for opportunities to escalate privileges and exploit powerful privileged accounts to install ransomware .

Extending critical identity security practices to include privileged access www . intelligentciso . com

45