An ounce of prevention is worth a pound of cure – that’s the message from Travis Rosiek, the Chief Technology and Strategy Officer of BluVector, in a new blog post summarizing the state of organizational cybersecurity.
Cyber.Media has covered threat actors targeting healthcare systems, and Rosiek’s message seems particularly prescient in light of the Ryuk ransomware causing Universal Health Systems to shut down their network at 250 hospitals and clinics in the United States. Even if your organization isn’t responsible for protecting lives like UHS, CISOs and senior leadership must go beyond compliance with technical standards and limiting liability.
Our increasingly networked world and remote workforce create immense challenges for organizational cybersecurity teams. The Ryuk ransomware used in the UHS attack can even propagate across IoT devices, including medical tools like radiology machines. If malicious software gains a foothold in an organization and moves laterally throughout the network, then the amount of time that systems are compromised, remediation time, and remediation costs all become major concerns. Better to invest in a strong defensive posture and prevent the breach through advanced threat detection.
But why are the existing solutions that many organizations have invested in failing to get the job done? Rosiek writes about the progression from antivirus to firewalls, NIDS, HIDS, IPS, sandbox security, EDR solutions, Next Generation Firewalls, Advanced EPP, etc. In his view, plugging in more and more tools often fails to provide meaningful data sharing across systems and just adds distractions for security teams. He writes:
“Despite organizations implementing these solutions over the years, adversaries have still been incredibly successful. The two biggest problems are poor first move detection and inability to find and triage the events that matter from all of the noise efficiently in time to usurp attacks. More focus has been placed on curing the impact of a breach rather than more effective prevention.”
Read the full post at BluVector.io for Travis Rosiek’s guidance on improving first-move detection to shut down threat actors before they can wreak havoc on your organization.