Page 126 - Cyber Defense eMagazine October 2023
When it comes to security, there is no cookie-cutter approach or one solution to address all risks for all
organizations. With SaaS applications growing in popularity, including critical solutions for healthcare
organizations, hackers are routinely shifting their focus. Right now, they tend to be attacking the API
gateways between customers and partners, but this may not be the case in a year or two years. Business
Email Compromise (BEC) attacks are also becoming more common, and the increasing adoption of
remote work models has made organizations more vulnerable to these attacks.
As cyber criminals evolve their tactics and become more sophisticated, healthcare organizations must
have dynamic processes in place to shift their focus without opening gaps elsewhere. A balanced
approach to cybersecurity should be multilayered, including key components such as threat intelligence,
data visibility, human-led AI/ML controls and automation, and an organizational culture of security.
Additionally, following some simple best practices can help employees identify and avoid security threats
on a day-to-day basis:
• Don’t click on questionable links
• Keep devices and applications up to date
• Enable two-factor authentication
• Keep passwords private and securely stored
• Avoid using public or unknown Wi-Fi connections without a secure VPN
Four questions to ask about your cybersecurity approach
As noted, an effective cybersecurity approach requires multiple layers and ongoing optimizations.
Whether you have a comprehensive cybersecurity posture or are in the first stages of implementing a
security program, these questions may help you identify the strengths and weaknesses of your
organization’s current approach.
1. How are we addressing the top digital risks facing our organization? It is critical for companies to
have a comprehensive approach in place to address a variety of risks, including a dynamic user
awareness program and an effective email security solution. As such, it’s imperative for leaders
to always be aware of the cyber threats and digital risks impacting their organizations. A layered
approach includes people, processes, and technology. Detailed threat intelligence and trend
analysis are also critical to identifying top security threats. For example, when it comes to phishing
emails and account compromises, ongoing analysis of logs and trends would help with a more
targeted approach: Are specific departments or individuals being targeted more frequently? Are
remote employees falling prey to email phishing attacks more or less often than in-person
employees? These kinds of trends can be crucial to guiding the direction of your cybersecurity
approach.
2. How does our cybersecurity posture compare to those of our peers and competitors? Take some
time to research industry leaders in cybersecurity and the processes they have in place.
Implement tactics that are proven to work and learn from the mistakes of others to fill any gaps.
3. How are we educating and training our employees to be aware of and prevent cyber threats?
Safeguarding against cyber-attacks and protecting the company’s money and interests is every
employee’s responsibility! While implementing required cybersecurity training for all new
employees along with frequent refresher training can help ensure that employees are able to
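One way to answer the trend questions raised under question 1, as an added example that is not from the original article: it assumes the mail gateway log can be reduced to (department, work mode, clicked) records. The sample records, headcounts, function names and the 2x threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, not real data: one tuple per phishing email logged by the
# mail gateway -> (recipient department, work mode, recipient clicked the link).
EVENTS = (
    [("finance", "remote", True)] * 2 + [("finance", "remote", False)] * 3
    + [("finance", "onsite", True)] * 1 + [("finance", "onsite", False)] * 2
    + [("nursing", "remote", True)] * 1 + [("nursing", "remote", False)] * 1
    + [("nursing", "onsite", True)] * 1 + [("nursing", "onsite", False)] * 7
    + [("it", "remote", False)] * 2
)
HEADCOUNT = {"finance": 4, "nursing": 20, "it": 5}  # constructed staff counts

DEPARTMENT, WORK_MODE = 0, 1  # tuple positions usable as grouping keys


def click_rates(events, field):
    """Group events by the given field; return {group: (emails, clicks, rate)}."""
    emails, clicks = defaultdict(int), defaultdict(int)
    for event in events:
        emails[event[field]] += 1
        clicks[event[field]] += int(event[2])
    return {g: (emails[g], clicks[g], clicks[g] / emails[g]) for g in emails}


def over_targeted(events, headcount, factor=2.0):
    """Departments receiving more phishing per employee than factor x the org average."""
    received = defaultdict(int)
    for dept, _mode, _clicked in events:
        received[dept] += 1
    org_avg = len(events) / sum(headcount.values())
    return sorted(d for d, n in received.items()
                  if n / headcount[d] > factor * org_avg)


if __name__ == "__main__":
    for label, field in (("department", DEPARTMENT), ("work mode", WORK_MODE)):
        for group, (n, c, rate) in sorted(click_rates(EVENTS, field).items()):
            print(f"{label:<10} {group:<8} emails={n:<3} clicks={c:<2} rate={rate:.0%}")
    print("over-targeted departments:", over_targeted(EVENTS, HEADCOUNT))
```

Normalizing by headcount matters here: in the constructed data nursing receives the most phishing email in absolute terms, but finance receives far more per employee.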