While healthcare cybersecurity experts reported longer attack response times on weekends and holidays, the current research identified hospital emergency rooms as models for SOC staffing.
According to Cybereason, a provider of cybersecurity products for predictive prevention, detection, and response, incident response plans can help hospital security teams mobilize when incidents occur.
WHY DOES IT MATTER?
According to Organizations at Risk 2022: Ransomware Attackers Don’t Take Vacations, a lack of contingency planning, along with lower staffing levels in security operations centers (SOCs), has led to longer investigation and response times, as well as higher costs.
The annual global study, which was launched last year, examines the impact of cyberattacks that occur on holidays and weekends. In September and October, Cybereason conducted an online survey of cybersecurity teams in the United States, United Kingdom, Germany, France, Italy, United Arab Emirates, South Africa, and Singapore that have suffered one or more weekend or holiday cyberattacks.
When asked what sort of security event SOC teams are most commonly attempting to handle, nearly half (49%) said ransomware. Supply chain attacks (46%) and targeted attacks (31%) followed.
More than 1,200 cybersecurity specialists working in organizations with more than 700 employees were surveyed, and 88% stated they missed a vacation or a weekend event as a result of a ransomware attack.
Across sectors, however, 44% of respondents said that their SOCs were less than 33% staffed at these times.
While the survey included security operations teams from a variety of industries, 30% of SOC teams in healthcare stated it takes longer to determine the scope of a weekend or holiday attack.
Respondents from healthcare SOCs stated it takes three to six days (21%), one to two days (19%), or seven to 23 hours (15%) to remediate ransomware attacks.
Only education SOC teams were more likely to report resolution times ranging between one and six days.
Cybereason advised all industries to investigate staffing models that can improve incident response, with a nod to the healthcare cybersecurity industry.
“Look to hospital emergency rooms and other emergency response organizations for models,” the company says.
Additional suggestions include:
Identifying appropriate weekend and holiday staffing.
Developing a managed detection and response approach to supplement existing personnel with third-party coverage.
Locking down unused privileged accounts during off-peak hours.
Implementing isolation procedures for discovered intrusions to halt their spread.
Upgrading to next-generation antivirus (NGAV) protection using behavior-based solutions capable of scanning across networks and detecting ransomware attacks in their early phases.
Across industries, 38% aim to build new detection capabilities, particularly for ransomware, while 31% plan to increase staffing so their organizations can respond to attacks faster.
55% of healthcare respondents have switched to NGAV.
THE MAJOR TREND
Exploiting known flaws is nothing new for cybercriminals. With rapid IT deployments, newly launched telehealth programs, untested platforms, and staff shifting to working from home during the COVID-19 pandemic, hospitals and healthcare institutions became prime targets for hard-to-detect phishing attacks.
Despite pledging a “cease-fire” early in the pandemic, bad actors swiftly turned their attention to vaccine researchers and other groups working to address the challenges of COVID-19.
“While there is no way to prevent the threat of ransomware, organizations can stop ransomware attempts from impacting their business by implementing a multilayered security approach to thwart future threats,” Robert Capps, vice president of marketplace innovation at NuData Security, told Healthcare IT News.
Artificial intelligence advancements are also bolstering cybersecurity programs.
“If an antivirus or next-generation firewall system incorporates AI or behavioral monitoring information, assets with abnormal behavior – signs of infection, abnormal traffic, anomalies – can automatically be placed in a quarantined group, removed from network access,” said Robert LaMagna-Reiter, senior director of information security at First National Technology Solutions, a managed IT services company.
ON THE RECORD
“It’s no wonder SOC teams operate so lean on holidays and weekends: Security professionals are experiencing record levels of burnout compounded by a protracted global talent shortage and relentless adversaries,” Cybereason says in the new report.
Source: Healthcare IT News