Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand...
Transcript of Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand...
![Page 1: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/1.jpg)
Cybersecurity: Vulnerabilities, Attacks, and Mitigating Against Threats
Thursday, March 3rd, 2016
Ryan Witt, Vice President – Healthcare Industry Practice, Fortinet Hussein Syed - Chief Information Security Office at Barnabas Health System
![Page 2: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/2.jpg)
Agenda
• Current State of Healthcare • Healthcare Threat Landscape • CISO’s View of Securing Healthcare
![Page 3: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/3.jpg)
Learning Objectives • Recognize why these breaches are occurring • Assess the kind of countermeasures that are being used today and their relative effectiveness
• Identify what the industry can do to solve this problem, both policy-wise and collective action-wise
![Page 4: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/4.jpg)
http://www.himss.org/ValueSuite
Realizing Value of HIT - STEPS
Safeguarding PHI
![Page 5: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/5.jpg)
![Page 6: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/6.jpg)
Global Healthcare Breach Environment
![Page 7: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/7.jpg)
IBM / Ponemon Study - 2015
![Page 8: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/8.jpg)
Transformed Care is a Hotbed for Cybersecurity
![Page 9: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/9.jpg)
![Page 10: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/10.jpg)
Evolving Threat Landscapes – Current Challenges
![Page 11: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/11.jpg)
FortiGuard Labs Threat Research Since 2000, FortiGuard Labs has provided industry-leading security intelligence and research.
![Page 12: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/12.jpg)
FortiGuard Labs Theatre Engagement
![Page 13: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/13.jpg)
Prediction 1 – The Rise of Machine to Machine Attacks (Background)
![Page 14: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/14.jpg)
Prediction 1 – The Rise of Machine to Machine Attacks (Outlook)
![Page 15: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/15.jpg)
Prediction 2 – Headless Worms Target Headless Devices (Background)
![Page 16: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/16.jpg)
Prediction 2 – Headless Worms Target Headless Devices (Outlook)
![Page 17: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/17.jpg)
Prediction 3 – Jailbreaking the Cloud (Background)
![Page 18: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/18.jpg)
Prediction 3 – Jailbreaking the Cloud (Outlook)
![Page 19: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/19.jpg)
Prediction 4 – Ghostware Conceals IOCs (Background)
![Page 20: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/20.jpg)
Prediction 4 – Ghostware Conceals IOCs (Outlook)
![Page 21: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/21.jpg)
Prediction 5 – Two Faced Malware (Background)
![Page 22: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/22.jpg)
Prediction 5 – Two Faced Malware (Outlook)
![Page 23: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/23.jpg)
Actionable Threat Intelligence
![Page 24: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/24.jpg)
Finding the Needle in the Haystack…
![Page 25: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/25.jpg)
![Page 26: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/26.jpg)
Build a security practice • Information Security has become strategic element of an
organizations operating plan, • We are expected to assure the Corporate boards, our
investors, and the regulatory agencies of our information security posture
• Build relationships with peers and understand the business of healthcare
• Develop plans to: – Protect the your brand and reputation – To be HIPAA and PCI DSS compliant – Protect the organization against Cyber Threats
• Build a mature results driven security organization
![Page 27: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/27.jpg)
Build a plan • Develop a three to five years security plan that aligns with a framework • Business wants to
– Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic objectives
• Do a high level baseline of your security portfolio, its re-iterative process • Technology areas to address with a limited resources
– IT Governance Risk and Compliance – Identity and Access Control Management – Incident Management (Prevention and Detection)
• Threat Management • Vulnerability Management • Data Security • Network Security • System Security
– Business Continuity Management – Information Lifecycle Management (Data Governance)
![Page 28: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/28.jpg)
It’s a journey • Use a risks based approach to address • Use the technical roadmap such as Sans CIS to
map high level objectives to technical tasks • Make it a People, Process, and Technology
– Train and educate your Security team – Understand and streamline processes to gain
efficiencies – Implement technologies to gain visibility and
compliance
![Page 29: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/29.jpg)
NIST Cybersecurity Framework
![Page 30: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/30.jpg)
VISION MISSION
MEMBERS
Advancing the role of CISOs and CSOs through education, collaboration, and advocacy in support of secure health information for the protection of both healthcare organizations and consumers.
Shaping the future of healthcare through the provision of trusted and reliable
security environments.
Launched in July 2014, AEHIS is the first professional organization representing healthcare
executives in senior information security roles. AEHIS’ 250 members are responsible for leading
security practices and safeguarding against patient data breaches and cyber threats.
Where to learn more - AEHIS
![Page 31: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/31.jpg)
Where to learn more - WEDI
The Workgroup for Electronic Data Interchange (WEDI) is the leading authority on the use of Health IT to improve healthcare information exchange in order to enhance the quality of care, improve efficiency and to reduce costs of the American healthcare system. Formed in 1991 by the Secretary of Health and Human Services (HHS), WEDI was named in the 1996 HIPAA legislation as an advisor to HHS and continues to fulfill that role today. - See more at: http://www.wedi.org/about-us#sthash.idLyG6x2.dpuf
![Page 32: Cybersecurity: Vulnerabilities, Attacks, and Mitigating ... · • Business wants to – Brand protection prevent incidents/breaches – Ease of technology use – Meet their strategic](https://reader035.fdocuments.in/reader035/viewer/2022070918/5fb85da84049893f1445b449/html5/thumbnails/32.jpg)
Questions
Ryan Witt Vice President – Healthcare Industry Practice Fortinet [email protected] / 650.492.3480 / @WittRZ Hussein Syed Chief Information Security Office Barnabas Health System