Page 56 - Cyber Defense eMagazine August 2023
enter any charges or send out claims. Many of the insurance plans have timely filing clauses which, if not
done, they will not pay. So, no claims were being sent out and no payment was coming in."
The ransomware attack shut down the Spring Valley hospital's computer network and halted all web-based
operations, including the patient portal. Coupled with the effects of the COVID-19 pandemic, the attack’s
cascading impacts proved insurmountable.
St. Margaret’s 18-plus-month recovery effort failed, and on June 16, 2023, the five facilities closed for
good.
A Hidden Culprit – Security Data Silos
One of the frustrations security practitioners experience with cyberattacks like this is that while the
ransomware spread quickly, the data that could have helped the team defend against it didn’t. Threat
intelligence data is often stranded – isolated in ‘data silos’ separately managed within various functional
groups.
The average organization of St. Margaret’s size uses dozens of discrete security tools, many of which
neither share their data nor connect directly to other security tools outside their own application and
assigned management group.
Given the high volume of threats and security alerts flooding analysts, these data silos can lead to
dangerously slow responses. While tools are helpful – and necessary – cybersecurity pros need more
than point solutions to defend against collaborative, persistent attackers.
This is where orchestration across silos, AI-driven automation, and collaboration tools can play an
important part. AI and machine learning don’t replace humans, but they can pull together diverse data
streams, consolidate redundant data to reduce the noise, integrate threat intelligence into SOC
operations, and enable security teams to automate some responses and act immediately on others.
Equally important, and often overlooked, is the need to automate alerts with the right information and get
them to the right people as quickly as possible. The status quo for many teams is to track threats on
spreadsheets and communicate by email, if at all. In the best case, it can take days to weeks to alert the
right people and concisely tell them what they need to know.
But by automating the tedious work and sharing context-rich information immediately, security experts
can pinpoint attacks and take intelligent action – before irreparable damage occurs.
The TIP-ing Point: Leveraging Existing Intel to Thwart Future Attacks
The path to integrating threat intelligence platforms (TIP) with data orchestration and workflow automation
(SOAR) seems daunting for many organizations.