Cyberattacks have grown in frequency and complexity to the point that all healthcare organizations are likely to experience a successful attack sooner or later. It is vital for healthcare companies to plan and act so that the harm caused is minimized. Besides minimizing risk, a primary focus for security teams is enhancing cyber resilience: the ability of a company to keep operating during a cyberattack and to return to normal as quickly as possible afterward.
A new survey conducted by Cisco reveals that executives recognize the value of cyber resilience. 96% of survey respondents said cyber resilience is a high priority, and 62% said their company had suffered a security breach in the last two years: a mix of DDoS attacks (46.4%), ransomware attacks (46.7%), network/system outages (51.1%), and data breaches (51.5%). These attacks had serious effects on the breached entities, disrupting IT systems, supply chains, communications, and internal operations. Four out of 10 breached companies stated they endured prolonged brand damage.
Although the primary objective of cybersecurity is to stop attacks from happening, it is accepted that this is not 100% possible given the fast-changing threat landscape. There are five elements in the cyber resilience lifecycle: identify, protect, detect, respond, recover, and anticipate. It is crucial for healthcare companies of all sizes to address these elements to enhance their cyber resilience. Cisco has determined which elements matter most for success.
For Cisco’s Security Outcomes Report, Volume 3: Achieving Security Resilience, a methodology was created to give companies a cyber resilience score, which helped the researchers identify seven factors that are crucial to success. The seven factors were present in the 90th percentile of cyber-resilient companies and absent in the 10th percentile. These factors are:
- Strong security support from the C-suite
- Outstanding security culture
- Internal staff and resources for incident response
- A technology infrastructure that is mostly on-premises or mostly cloud-based
- Mature zero trust
- Advanced endpoint detection
- Converging networking and security into a mature, cloud-delivered secure access service edge (SASE)
Companies with poor security support from the C-suite scored 39% lower than those with solid C-suite support. Companies with a solid security culture scored 46% higher than those without one; such a culture can be built through routine staff training. Resilience to security breaches was 15% better when an internal team and resources were available for incident response. Oddly enough, there was no difference in resilience scores between businesses whose technology infrastructure is in the cloud and those whose infrastructure is on-premises. However, those that were moving from on-premises to the cloud saw their scores fall by 8.5% to 14%, depending on how hard their hybrid environments are to manage.
One of the most effective ways to enhance cyber resilience is to adopt zero trust. This security strategy assumes that defenses have already been breached and makes it as difficult as possible for malicious actors to move laterally inside networks. Implementing zero trust is not a fast process, but its benefits in healthcare are well known. A new Okta survey shows 58% of healthcare companies have begun zero-trust initiatives. 96% of surveyed healthcare participants said they had either begun implementing zero trust or will implement it in the following 12-18 months. Guidance on implementing zero trust in healthcare was recently published by Health-ISAC.
Cisco notes that companies with a mature zero-trust model had 30% higher cyber resilience scores than those without one. The biggest boost, however, came not from zero trust but from advanced endpoint detection and response capabilities, which improved cyber resilience scores by 45%. Converging networking and security into a mature, cloud-delivered secure access service edge raised security resilience scores by 27%.
“The Security Outcomes Reports research into what is effective and what is not in cybersecurity. The best goal is to quiet the noise in the marketplace by determining practices that can lead to safer results for defenders,” said Jeetu Patel, executive VP and general manager of security and collaboration at Cisco. “This 2022, the focus is on determining the main factors that raise the security toughness of a business to those who are the very best in the sector.”