How Exposed Are We?
Cyber Vulnerabilities from Healthcare to IoT
Being connected to the outside world has its risks. That’s not to say we all should revert to paper and start building underground bunkers. However, as we saw recently with the WannaCry virus, hackers can wreak havoc when people — and systems — aren’t prepared.
What, me worry?
Medical records are one of many areas that could be at risk to cyber-attacks. In the first half of 2017 alone, around 80 breaches were reported to the U.S. Health & Human Services. Many hospitals and doctors’ offices may lack the financial resources to invest in enhanced cybersecurity. Additionally, the process of switching medical records over to electronic systems proved challenging for many hospitals and health care organizations, a switch many are still dealing with. Combine those things and the sheer volume of information sharing that occurs between different healthcare offices and organizations and you have an industry ripe for attack (e.g. think how often your own medical records are sent between different doctors). A Congressional subcommittee has begun to examine ways to improve cybersecurity in the healthcare sector, but in the meantime healthcare organizations should think through how they will handle and respond to any kind of cyber incident.
At the other end of the technology spectrum are autonomous vehicles. While the car itself may be “offline” many parts of it are very connected (think navigation and entertainment systems). The worst-case scenario is a hacker gaining control of the car — a terrifying thought. Similarly, “smart” or Internet of Things (IoT) products are also ripe for potential hacks. The risk with IoT products is not that a mischievous hacker could gain control of your refrigerator or TV and melt your ice cream or delete the season finale of “Game of Thrones”, but that they could gain access to your WiFi network and from there gain access to all sorts of sensitive data. That’s far scarier than anything on TV.
Do we hide under the bed?
Yes, connectivity can make us more vulnerable, but there’s a lot companies and individuals can do to protect themselves. Beyond upgrading your IT security, think through where the vulnerable points are in your organization: Are your employees trained in how to spot and avoid spear phishing? Do you force regular password resets? The human element is the one often least considered, but most vulnerable.
Cyber crisis training and prep for those human elements can really help minimize risks. It won’t eliminate them, but with training organizations may be better able to spot and respond quickly and appropriately. While government agencies and private groups are actively working to shore up the security of our networks, employee education and cyber crisis preparedness should be part of any cybersecurity program. Underground bunker not required.