Network Insecurity
The term “Network Security” is one of the greatest paradoxes in the healthcare industry today. The consequences of a data breach can be catastrophic, yet IT departments are being asked to do more with fewer resources. The network security department, which falls within the information technology domain, can receive even less attention despite the risks associated with a data breach.
At a recent meeting of healthcare professionals hosted by the Arkansas Hospital Association, attendees were asked to list their top concerns pertaining to network security and compliance. The results were:
1. Mobile device management. Use of personal devices at work.
2. Connected device security concerns.
3. Disgruntled employees.
4. Employees sharing credentials to log into systems.
Although the solutions to these problems are unique, there is a common thread that binds them and essentially all network security issues together: what is the current security profile of the entire organization’s network? HIPAA requires an annual penetration test, which presents the status at a given point in time every year but is by no means always current, since the security and compliance landscape changes so frequently.
A growing class of attack is the Advanced Persistent Threat, in which cyber-criminals relentlessly test a network for vulnerabilities using out-of-the-box thinking and cutting-edge attack methods. This leaves an annual penetration test essentially useless in helping a company discover its actual present level of security.
To combat these threats, it is recommended that organizations deploy security systems that utilize real-time penetration testing on all access points, wired and wireless, into network resources. This “ethical hacking” approach continuously probes all entry points and identifies potential vulnerabilities to the security staff before cyber-criminals can access them. Technological advances have made this new security tool inexpensive to deploy and maintain.
Finally, the information provided by these real-time penetration tools can be presented to the Board of Directors, who can finally see the true picture of the organization’s overall security profile, helping them allocate resources to the areas that need immediate attention. Considering the number of attacks happening on a daily basis and the true potential liability from HIPAA and HITECH, taking this proactive approach will become necessary to protect the organization and its stakeholders.
Justin Farmer, founder of NEO (myneo.co)
BA – MIS, MS – ISA, Certified Ethical Hacker, Forensic Investigator, Disaster Recovery Professional, ISO 27001 Auditor, Wireless Penetration Tester.