Protecting Healthcare Against Ransomware: Essential DefensesYou Can Spot Many Attacks Unfolding - If You Watch, Says Peter Mackenzie of Sophos
Especially for healthcare organizations, repelling ransomware attacks hinges on having robust monitoring and defenses in place, including the ability to spot the signs of an unfolding attack, says Peter Mackenzie, director of incident response at Sophos. That way, if attackers do break in, they can be disrupted before unleashing crypto-locking malware.
"What we found in investigations for ransomware this year: Over 80% of ransomware victims had what we class as warning signs prior to the ransomware deployment," and this year the average was 11 days between intrusion and ransomware, Mackenzie says. "These attacks are relatively noisy, and by that I mean mistakes - the attackers use tools and techniques that will get detected by your security solutions."
That's because most attackers aren't bringing high levels of talent or other sophistication to bear. "It is depressing how amateur some of these attacks are, but they work," he says.
In this video interview with Information Security Media Group, Mackenzie discusses:
- Unique challenges for healthcare when battling or responding to ransomware;
- Top tactics used by attackers against healthcare and how to defend against them;
- Why more organizations are using cloud-based security services and working with managed detection and response firms.
Mackenzie, who has worked at Sophos since 2011, manages the company's incident response team and helps customers triage, contain and neutralize threats.
Over 5,000 health data breaches since 2009 have affected the personal information of 370 million people. Ransomware gangs and hackers are targeting healthcare providers, insurance firms and partners at an alarming rate. Targeting Healthcare explores these trends and how the industry can respond.