2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)

Cybercrime vs. Healthcare. Andris Soroka, 2015, WOHIT, Riga, Latvia

Transcript of 2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)

Cybercrime vs. Healthcare

Andris Soroka, 2015, WOHIT, Riga, Latvia

“Data Security Solutions” business card: What we do?

DSS is an ICT security provider: advisory, consulting, installation, support. Most innovative portfolio in the Baltics; memberships, awareness raising; technology & knowledge transfer; ICT security evangelists.

Areas covered: endpoints, applications, networks, data, identity, mobility, management, cloud.

DSS Global Partnerships

DSS delivering excellent ICT security operations to its customers

Customer ICT security operations excellence
Cooperation with industry top technology leaders recognised by Gartner, IDC, Forrester
Top-level ICT security professionals
Selected cutting-edge innovative ICT security technology integration
Pan-Baltic projects
Particular focus on security

Our international cyber security conference: in 2015 included among the World Summit on the Information Society (WSIS) Prize candidates. Online voting is ON. C5 – building the confidence in security in the use of ICT.

Agenda (a drama in two acts)

FIRST PART
Digital world of today and the health industry
Cybercrime and health organizations
Why industries lose against cybercrime

SECOND PART
10 most important controls to stay safe
Conclusion and Q&A

Trends of the digital future

mHealth, including drone drug delivery
Artificial intelligence (IBM Watson)
GIS systems (112 or 911)
eHealth in general
Cloud, mobility, applications, self-service, telemedicine, big data etc. – a whole ecosystem of connected organizations, health professionals and patients
Digital technology advantages

The health industry ecosystem

Patients / Consumers
Healthcare Providers: Integrated Delivery Networks, large university medical centers, independent community hospitals, physician private practices
Public Health: pandemic readiness, vaccine inventory & distribution, sanitation & public safety
Government Agencies: regulatory & research agencies, FDA, WHO, DHHS, CDC, NIH, health ministries
Patient Education: healthy lifestyles, health clubs, health & wellness programs
Transaction Services: claims processing, banks / health savings
Health Plans / Payers: private (BCBS plans, large national plans, mid-sized regional plans); government / national plans, Medicare, Medicaid
Pharmacies: pharmacy benefit management, retail clinics
Solution Providers: IT infrastructure and service providers, application providers
Medical Devices: imaging, archiving & retention
Drug Developers: large pharma, integrated biotech, research biotech

Cybercrime & health industry

Economics of cybercrime @health

An EHR is worth 20x more on the black market than a credit card record; with the victim's full profile added, one profile can cost on average more than 500 USD per record.
Health incidents are at least twice as hard to detect, so the stolen data stays valid much longer than in financial fraud.
One database record can be sold to 8 or more different criminal groups (blackmail, insurance fraud, identity and financial fraud, medicine sales, competition and so on).
Just use your imagination what could happen to your medical data...

Countermeasures against cybercrime

HIPAA (anno 1996):
Identifies the security process
Identifies inventory
Identifies roles and responsibilities
Sets requirements for training and cyber security awareness raising
Gives advice for incident management
Sets physical access and identity controls, etc.

ISO 31XXX, ISO 27XXX, many country-local, international (like ENISA's within the EU), regional and industry regulations, compliances, policies etc.

Security myth #2 – old security works well

Sophisticated attacks of today's cybercrime:
Targeted professional attacks
Massive denials of service
Watering hole attacks
Advanced persistent threats
Mobile incidents
Cyber wars
Hacktivists
Global virus outbreaks
Complex and very expensive
Insane data leakages
Identity thefts
Cyber espionage
And so on...

Summary before the 2nd part

Cybercrime is a real deal; everyone is affected, and it is next door if it hasn't been knocking at yours already.
All traditional security invented in the 80s and 90s isn't efficient any more; likewise, all compliances, regulations and security standards without innovative technologies and investment in cyber security always remain one step behind the bad guys.
The world is short on smart good guys who know both business and IT security, can translate IT into business language, and can manage the risks with elegance.

Business value of «Data Security Solutions»: how we can help

Analyze and detect risks
Fulfill audit
Build a security action plan
Train the employees
Pass compliance regulations
Save from data leakage
Protect critical assets
Get rid of passwords
Consult your IT professionals
Protect from attacks
Help creating RFP documents
Be your IT security advisor!

Thank you / Merci / Grazie / Gracias / Obrigado / Danke


World of digital in health

Some definitions before we go on

Availability: all legitimate entities should experience correct access to services and facilities.
Accountability: accountability for all service invocations and for all network management activities; any entity should be responsible for any actions it initiated.
Integrity: protection of stored and transferred information.
Confidentiality: confidentiality of stored and transferred information.

DSS top 10 cyber security controls

10th place – Traditional security

You cannot forget about the traditional minimum security requirements in your infrastructure, because bad guys always choose the easiest ways and the fastest ROI.
Some global-level data leakage incidents happened because of... a firewall turned off by accident.
You will still be able to handle most threats, except of course the targeted and sophisticated ones.

9th place – Inventory and audit everything

You need as much visibility as possible (hardware-based, software-based, any) of your employees, visitors, devices, applications, databases and network perimeter to be able to protect or control it accordingly.
You need to save and keep all audit data for basic analysis and possible investigations later, as well as for data integrity reasons (something like basic log management; this can be done without big investments, as there are plenty of tools available all around, open source etc.).
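As an added illustration of the integrity point above (example code, not part of the slide deck or of DSS's own tooling): a small append-only audit log in which every record is chained to the SHA-256 hash of the previous record, so that an entry edited after the fact no longer verifies. The events, user names and object names are constructed for the example.

```python
# Added example (not from the slide deck): a minimal hash-chained audit log.
# Each stored record carries the hash of its predecessor, so a later edit of
# any record breaks verification from that record onward.
import hashlib
import json

GENESIS = "0" * 64  # hash value that the first record chains to

def _digest(prev_hash, entry):
    # Canonical JSON so the same entry always hashes identically
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def append_entry(log, entry):
    """Append an entry, linking it to the hash of the previous record."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = {"entry": entry, "prev": prev_hash, "hash": _digest(prev_hash, entry)}
    log.append(record)
    return record["hash"]

def verify_log(log):
    """Return (ok, index): index is the first bad record, or None if the chain is intact."""
    prev_hash = GENESIS
    for i, record in enumerate(log):
        if record["prev"] != prev_hash:
            return False, i
        if _digest(prev_hash, record["entry"]) != record["hash"]:
            return False, i
        prev_hash = record["hash"]
    return True, None

def build_sample_log():
    # Constructed sample events, in the order they were recorded
    events = [
        {"ts": "2015-05-12T08:01:00Z", "user": "nurse01", "action": "read", "object": "patient/1001"},
        {"ts": "2015-05-12T08:03:10Z", "user": "dr_smith", "action": "update", "object": "patient/1001"},
        {"ts": "2015-05-12T08:05:42Z", "user": "admin", "action": "firewall_disable", "object": "fw-edge-1"},
    ]
    log = []
    for event in events:
        append_entry(log, event)
    return log

def tamper(log, index, **changes):
    """Simulate an after-the-fact edit of one stored record (for the demo only)."""
    log[index]["entry"].update(changes)
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_log(log))            # (True, None)
    tamper(log, 2, action="login")               # the firewall event gets rewritten
    print("after tampering:", verify_log(log))   # (False, 2)
```

The chain only proves that records have not changed since the current head hash was last recorded, so the head hash (or the whole log) has to be shipped somewhere the people being audited cannot write, such as a central log server; that is the basic log management the slide is asking for.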

8th place – Continuity and incident response

A business continuity and incident response plan helps to restore systems with the least possible losses, and also helps find out who was guilty...
In many cases this part can bring business and IT together, as both can use their imagination to find different scenarios, aka «what could go wrong»; if both parties find it funny and interesting enough, that can lead to some of the higher activities in our top 10..

7th place – Infrastructure security

Centralization, real-time visibility and management of any and every endpoint, network, mobile and other element regarding patch & configuration management, application & device management, vulnerability management and so on.
Every unpatched or wrongly configured system can be at risk of a targeted or accidental cyber security attack or incident. And that is not even talking about such an important thing as critical infrastructure..

6th place – Identity and Access Mgmt.

Least privilege principle and privileged user management, authentication, authorization, audit of sessions, any higher security level implementation and control such as one-time passwords, smartcards, biometrics, linking physical security to logical security, identity control, fraud or anomaly prevention/detection and much more.
As seen in movies, identity and access mean a lot in data theft, sabotage etc., as unauthorized access always ends badly...
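To make the least-privilege, step-up authentication and session audit points concrete, here is an added example (not from the slide deck and not a DSS product) of a deny-by-default access check: each role is granted only the actions it needs, privileged actions additionally require a verified second factor such as a one-time password, and every decision, allowed or denied, is written to the session's audit trail. The roles, users and actions are constructed for the example.

```python
# Added example (not from the slide deck): deny-by-default authorization with
# step-up authentication for privileged actions and a per-session audit trail.
from dataclasses import dataclass, field

# Least privilege: each role gets only the actions it needs on each object type.
# Anything not listed here is denied. (Constructed roles for the example.)
ROLE_PERMISSIONS = {
    "nurse":  {"patient_record": {"read"}},
    "doctor": {"patient_record": {"read", "update"}},
    "dba":    {"database": {"backup", "restore"}},
}

# Actions that count as privileged and therefore need a verified second factor
PRIVILEGED_ACTIONS = {"restore", "export"}

@dataclass
class Session:
    user: str
    role: str
    mfa_verified: bool = False          # one-time password / smartcard presented this session
    audit: list = field(default_factory=list)

def authorize(session, action, object_type):
    """Return True only if the role explicitly allows the action; everything else is denied."""
    allowed = action in ROLE_PERMISSIONS.get(session.role, {}).get(object_type, set())
    if allowed and action in PRIVILEGED_ACTIONS and not session.mfa_verified:
        decision, reason = "DENY", "privileged action requires second factor"
    elif allowed:
        decision, reason = "ALLOW", "role permits action"
    else:
        decision, reason = "DENY", "not in role permissions"
    # Every decision, allowed or not, is recorded for later session audit
    session.audit.append((session.user, session.role, action, object_type, decision, reason))
    return decision == "ALLOW"

def denied_count(session):
    """Number of denied requests in this session, a cheap signal for anomaly detection."""
    return sum(1 for record in session.audit if record[4] == "DENY")

if __name__ == "__main__":
    nurse = Session("nurse01", "nurse")
    print(authorize(nurse, "read", "patient_record"))      # True
    print(authorize(nurse, "update", "patient_record"))    # False: not in role
    dba = Session("dba01", "dba")
    print(authorize(dba, "restore", "database"))           # False: no second factor yet
    dba.mfa_verified = True
    print(authorize(dba, "restore", "database"))           # True
    for record in nurse.audit + dba.audit:
        print(record)
```

The point of the audit tuple is that denials are recorded as carefully as allowances: a session that piles up denied requests is exactly the kind of signal the fraud and anomaly detection mentioned in the slide can feed on.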

5th place – Defenses against attacks

There are advanced persistent threat attacks, there are web-based vulnerability attacks, network-based volumetric and mixed, complex attacks. There are attacks on endpoints, on servers, on security encryption certificates, on different protocols and applications, on mobile devices, on DNS servers, online services or wi-fi access points and so on.
Practically every attack should be detected and stopped on time. But that can be done at different levels (for instance at the ISP) and with different tools.

4th place – Mobile security

The expansion of mobile devices changes security and IT in general.
Mobile phones with their millions of apps are at the biggest risk today.
BYOD is the biggest challenge for IT and security when you need to be productive but also need to comply with security requirements.
You need to have not just MDM or MAM or MCM, but EMM, so-called Enterprise Mobility Management, to do safe business.

3rd place – Data security

Changes in EU personal data protection legislation might bring some big changes.
Classification of the most critical information assets is very important. This can be done on endpoints, on servers, within data transfers and by a number of different methods.
Here we speak about database firewalls, data governance and data risk management tools, data forensics tools, data loss and data leak prevention technologies and so on.

2nd place – Security Operations Center

Integrated, modular, innovative. Just like the IBM QRadar platform with all those integrated connections to different data, identity, network or endpoint security solutions, strengthened by integrated risk management, network incident forensics, intelligent vulnerability management, log and flow collectors and a central security intelligence console and platform.
Without a SOC there is no bright future for organizations, even starting with SMBs.

1st place – Security training (human factor)

Security intelligence for automated offense detection

Extensive data sources: servers and mainframes; data activity; network and virtual activity; application activity; configuration information; security devices; users and identities; vulnerabilities and threats; global threat intelligence.
Embedded intelligence: massive data reduction; automated data collection, asset discovery and profiling; automated, real-time and integrated analytics; activity baselining and anomaly detection; out-of-the-box rules and templates.
Automated offense identification: suspected incidents are reduced to prioritized incidents.
Prevent. Detect. Respond.
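The SOC slide (2nd place) and the security intelligence diagram above both rest on "activity baselining and anomaly detection". As an added example (written for this page, not taken from the deck and not IBM QRadar logic), the following parses constructed access-log lines, baselines how many distinct patient records each user reads per day, and flags a day on which a user's count jumps far above that user's own history. Log format, user names and thresholds are all assumptions made for the example.

```python
# Added example (not from the slide deck): per-user activity baselining and
# anomaly detection over constructed patient-record access logs.
import re
import statistics
from collections import defaultdict

# Assumed log line format: "<date> <time> user=<u> action=<a> patient=<id>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ user=(?P<user>\S+) action=(?P<action>\S+) patient=(?P<patient>\S+)$"
)

def build_sample_log():
    """Construct a synthetic log: routine daily activity plus one bulk pull on 2015-05-12."""
    lines = []
    days = ["2015-05-08", "2015-05-09", "2015-05-10", "2015-05-11", "2015-05-12"]
    for i, day in enumerate(days):
        # nurse01 reads the same three patients on her ward every day
        for p in (1001, 1002, 1003):
            lines.append(f"{day} 08:{i:02d}:00 user=nurse01 action=read patient={p}")
        # dr_smith reads two patients a day and updates one of them
        for p in (2001, 2002):
            lines.append(f"{day} 09:{i:02d}:00 user=dr_smith action=read patient={p}")
        lines.append(f"{day} 09:30:00 user=dr_smith action=update patient=2001")
    # On the last day dr_smith's account reads 40 records it never touched before
    for p in range(5000, 5040):
        lines.append(f"2015-05-12 23:{p % 60:02d}:00 user=dr_smith action=read patient={p}")
    lines.append("malformed line that the parser should skip")
    return "\n".join(lines)

def parse_lines(text):
    """Yield parsed events, silently skipping lines that do not match the format."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.groupdict()

def daily_counts(events):
    """Count distinct patient records read per user per day: {user: {date: count}}."""
    seen = defaultdict(set)
    for event in events:
        if event["action"] == "read":
            seen[(event["user"], event["date"])].add(event["patient"])
    counts = defaultdict(dict)
    for (user, date), patients in seen.items():
        counts[user][date] = len(patients)
    return counts

def find_anomalies(counts, target_date, min_baseline_days=3, sigma=3.0, absolute_floor=2):
    """Flag users whose count on target_date exceeds mean + sigma*stdev of their earlier days."""
    findings = []
    for user, per_day in counts.items():
        baseline = [count for day, count in per_day.items() if day < target_date]
        today = per_day.get(target_date, 0)
        if len(baseline) < min_baseline_days:
            continue  # too little history to baseline; avoids noisy alerts on new accounts
        mean = statistics.mean(baseline)
        stdev = statistics.pstdev(baseline)
        # Floor the spread at 1 so a perfectly flat history still tolerates small drift
        threshold = mean + sigma * max(stdev, 1.0)
        if today > threshold and today - mean >= absolute_floor:
            findings.append({"user": user, "count": today, "baseline_mean": mean, "threshold": threshold})
    return findings

if __name__ == "__main__":
    counts = daily_counts(parse_lines(build_sample_log()))
    for finding in find_anomalies(counts, "2015-05-12"):
        print(finding)   # dr_smith: 42 records against a baseline of 2 per day
```

A per-user baseline is what separates a clinician doing a legitimate ward round from an account being used to bulk-export records, which is exactly the high-value, slow-to-detect incident the economics slide describes; in practice the same counting would run against the audit data kept under the 9th-place control.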

Business & technology must come together

Business part:
Business process analysis from a tech perspective
Assessment and management of cyber security risks

Related technological part:
Inventory of devices and software
Secure configuration of everything (end users, devices)
Vulnerability assessment and management
Malware defenses, application security, pen tests
Wifi security
Mobile security
Data security
Continuous skills training and learning
Access control and visibility
Audit, monitoring, analysis, incident response and more


Balancing costs and risk – floods happen...

Contact us

Andris [email protected]
Mob. +371 29162784
Riga, Latvia
www.dss.lv
LinkedIn: http://lv.linkedin.com/in/andsor
Twitter: @andris_soroka / @dss_it_security
Facebook: http://www.facebook.com/lvdss
Youtube: http://ow.ly/FAfEN
SlideShare: http://www.slideshare.net/andsor


Think Security First