The dynamic and evolving cyber threat landscape presents a persistent challenge for organizations across industries. Rapid technological advancements and sophisticated tactics employed by cybercriminals demand constant vigilance. As technology progresses, so do the exploitation methods, emphasizing the critical need for organizations to stay proactive, informed, and resilient in safeguarding sensitive data and maintaining the integrity of their operations.
GS Lab | GAVS conducted a webinar titled “Cybersecurity Awareness: A Necessity in the Ever-Changing Threat Landscape”. The eminent panelists included Mr. Inderpal Kohli, VP & CIO at Englewood Hospital Health, Ms. Nazila Ahmadzadeh-Dehghan, VP of Information Technology & Security at Footprint, Ms. Besa H. Bauta, PhD, MPH, MSW, CIO | JBFCS (The Jewish Board), and Mr. Howard Estcourt, Director, Information Security Engineering, Embecta. The session was moderated by Mr. Kannan Srinivasan, Head – Cybersecurity and Data Privacy, GS Lab | GAVS.
Cybersecurity Challenges Across Industries
The industry leaders discussed in detail about the impending cybersecurity challenges in their respective industries and ways to stay ahead of them. Some of their insights are mentioned below.
The increase in cyber attacks in the manufacturing industry is driven by the digital transformation associated with Industry 4.0. While beneficial operationally, adopting industrial IoT and automation expands the attack surface. Manufacturing companies, like Footprint, with patented technologies, possess valuable intellectual property, making them high-value targets. The interconnected global supply chain introduces vulnerabilities as cybercriminals exploit the complexities. Outdated systems and compliance challenges further contribute to security risks. Additionally, there is a need for increased security awareness among manufacturing employees.
The healthcare industry has experienced higher cyber attacks than most other industries due to the sensitivity of patient data, including Personally Identifiable Information (PII). The industry is undergoing a learning curve in cybersecurity practices, with cybercriminals recognizing the value of healthcare data. Recent incidents, such as the attack on 23andMe, highlight the appeal of genomic data on the dark web. Integrating AI technologies poses new challenges in maintaining cybersecurity postures, and the impact on patient data security is a significant concern. Healthcare organizations face higher costs to remediate attacks, and the diverse workforce, which may not be tech-savvy, adds complexity to addressing security challenges.
In the financial industry, a concerning increase in access to broker services has been observed over the last 12 months. These services focus on gaining initial access to organizations and have evolved their methods, through social engineering and targeting personal emails and messaging apps. Stricter application of Multi-Factor Authentication (MFA) and access control policies is being implemented. Threat actors are shifting from traditional deactivation of security technologies to data theft and extortion. Data theft alone has become a potent lever for organizations to pay, diminishing the reliance on ransomware. Risks associated with administrative privileges and defense evasion tools are being addressed within organizations. Security measures are communicated to employees to enhance understanding and cooperation.
Impact of These Attacks on Employees
The evolving tactics of cybercriminals emphasize the importance of baseline cybersecurity education for everyone in an organization. There are various penetration points, including email, phone calls, SMS, and testing network vulnerabilities. Engaging employees in cybersecurity efforts is challenging, especially when competing priorities exist. The key is balancing security and business needs, fostering an understanding of data as a company asset, tailored training based on specific roles and responsibilities, and targeting the correct users for relevant cybersecurity education.
Best Practices for Cybersecurity Awareness Among Employees
Some key strategies for addressing cybersecurity challenges:
- Customized Training Programs: Tailoring training programs to specific roles within the organization, recognizing the diverse responsibilities and experiences of different workforce segments.
- Frequent and Interactive Learning: Implementing regular, interactive training sessions, such as phishing simulation exercises, to keep employees engaged and informed about cybersecurity risks.
- Clear Policies and Standards: Developing simplified and easily accessible policies and standards, ensuring that employees can easily understand and adhere to them.
- Leadership Support and Communication: Securing support from senior leadership and consistently communicating cybersecurity messages through multiple channels, including emails, newsletters, posters, and staff meetings.
- Patient Education: Recognizing the role of patients in data security and incorporating education for patients as part of the overall cybersecurity strategy.
- Creating a Culture of Cybersecurity Awareness: Fostering a culture where cybersecurity awareness is ingrained in daily activities and making it everyone’s responsibility. This involves empowering staff to contribute, encouraging reporting through compliance hotlines, and ensuring a non-punitive approach to addressing security incidents.
- Regular, Bite-Sized Training: Moving away from annual lengthy training sessions and adopting regular, short, and engaging training modules throughout the year. Gamification and reward systems can enhance employee motivation and participation.
- Incident Response and Disaster Recovery: Ensuring that incident response and disaster recovery plans are in place, well-understood across the organization, and regularly tested. This includes educating employees on their roles in incident response and recovery.
- Data Governance: Implementing a robust data governance program to identify and protect sensitive data, mapping data locations, and establishing measures for replication and air-gapping to mitigate risks, especially in a ransomware attack.
- Cost-Benefit Analysis: Considering the cost-benefit of cybersecurity measures, especially in industries like healthcare where large-scale systems may have associated costs and should provide clear benefits.
This blog is a gist of the webinar that is available in its entirety here. For more webinar videos, please visit our website. You can also find more such videos here.
GS Lab | GAVS delivers end-to-end cybersecurity Services, helping clients manage risk and build an effective cybersecurity program. GS Lab | GAVS caters to the full suite of organizational cybersecurity needs – assessment, operations, and/or strategy – and can help conquer your most critical cybersecurity issues. To learn more, visit https://www.gavstech.com/service/security-services/.
