network insecurity

Post on 17-Aug-2015


Network Insecurity

The term “Network Security” is one of the greatest paradoxes in the healthcare industry today. The consequences of data breaches can be catastrophic, while at the same time IT departments are being asked to do more with fewer resources. Within the information technology domain falls the network security department, which can receive even less attention despite the risks associated with a data breach.

At a recent meeting of healthcare professionals hosted by the Arkansas Hospital Association, attendees were asked to list their top concerns pertaining to network security and compliance. The results were:

1. Mobile device management. Use of personal devices at work.
2. Connected device security concerns.
3. Disgruntled employees.
4. Employees sharing credentials to log into systems.

Although the solutions to these problems are unique, there is a common thread that binds them, and essentially all network security issues, together: what is the current security profile of the entire organization’s network? HIPAA requires an annual penetration test, which presents the status at a given point in time every year, but is by no means always current since the security and compliance landscape changes so frequently.

In a growing type of attack known as Advanced Persistent Threats, cyber-criminals relentlessly test for vulnerabilities in a network using out-of-the-box thinking and cutting-edge attack methods, which leaves an annual penetration test essentially useless in helping a company discover its actual present level of security.

To combat these threats, it is recommended that organizations deploy security systems that utilize real-time penetration testing on all access points, wired and wireless, into network resources. This “ethical hacking” approach continuously probes all entry points and identifies potential vulnerabilities to the security staff before cyber-criminals can access them. Technological advances have made this new security tool inexpensive to deploy and maintain.

Finally, the information provided by these real-time penetration tools can be presented to the Board of Directors, who can finally see the true picture of the organization’s overall security profile, helping them allocate resources to the areas that need immediate attention. Considering the number of attacks that are happening on a daily basis and the true potential liability possible from HIPAA and HITECH, taking this proactive approach will become necessary to protect the organization and its stakeholders.

Justin Farmer, founder of NEO (myneo.co)

BA – MIS, MS – ISA, Certified Ethical Hacker, Forensic Investigator, Disaster Recovery Professional, ISO 27001 Auditor, Wireless Penetration Tester.
