Elie Nasrallah began his thought leadership presentation at the 2018 Technology Innovation in Healthcare Forum held on April 4 in New York by stating, “When you think of the last five years, even the most secure environments are getting attacked by sophisticated, stealthy, persistent threats that are penetrating the many layers of defense. What does that tell you? There’s no silver bullet in this industry. Layered defenses are great, and defense-in-depth is a must-have these days with the stealthy, multi-staged, multi-vector threats. There are many attack vectors besides email and phishing.”
“There are four layers to optimize protection—email, endpoint, network, and server—but you want to gain visibility across the many attack vectors. It’s key to understand the fundamentals and the anatomy of an attack—what happens behind the scenes. These attack vectors involve several stages including intelligence gathering, point-of-entry, command-and-control communication, lateral movement, asset discovery, and data exfiltration,” said Nasrallah. The components of each stage are:
Point of Entry
Command and Control (C&C) Communication
“The supply chain is another huge attack vector and one that’s been neglected over the years. This is coming to life now, because there are so many entry points for malware to come through. Organizations are deploying these defense-in-depth solutions and spending millions at the perimeter, but they’re not looking at the big picture,” he emphasized.
Nasrallah’s company did a qualitative risk analysis across various vectors in healthcare IT and came up with the following recommendations:
entity outside a network’s trusted circle to minimize the risk of supply-chain attacks.
“The new threat landscape is evolving. New zero-days are being crafted as I speak. Even the most secure organizations are getting pounded, every day,” he said.
“It’s key that you collaborate more and share intelligence with your peers or with other industries to strengthen your defenses and safeguard your critical assets, your PHI systems,” advised Nasrallah. “We’ve been working on an intelligence sharing and threat-management program. We’re designing a deception solution involving decoys that mimic your health environment to lure these would-be attackers into a fake system so we can gather their tactics, techniques, and procedures and then share those indicators of compromise in a threat-sharing system so everyone can safeguard critical systems against these new breeds of attack.”