CIO
More security lessons from the worst cyberattacks
Automation, awareness lead the way in ongoing fight against cybercrime
By Joan Goodchild
Nov 5, 2021
The past 20 months have been extremely difficult for the healthcare industry in the face of the global pandemic. Cyber criminals have only added to the stress level. According to HIPAA, from August 2020 through July 2021, there were 706 reported healthcare data breaches of 500 or more records, and healthcare data of more than 44 million individuals has been exposed or compromised. “That’s the state of healthcare right now – it’s an industry going through a crisis due to the pandemic, which presents an opportunity for criminal entities to attack,” says Jason Ruger, Lenovo’s Chief Information Security Officer.

The increasing level of digitization and interconnection of smart devices makes healthcare an even more attractive target. Devices such as digital thermometers or heart monitors, which once provided little value to cyber criminals, are now becoming targets for ransomware or entry points for broader attacks across interconnected systems.

“More smart devices increase exposure,” says Ruger. “Operational technology is an under-protected asset.”

The healthcare sector is not alone, as 2021 is shaping up to be one of the worst years ever for data breaches and ransomware attacks. In the U.S., the number of publicly reported data compromises through September 2021 already surpassed the total number of compromises in 2020 by 17%, according to the Identity Theft Resource Center (ITRC). Ransomware attacks were up 151% in the first half of 2021 compared to the same period in 2020, according to Atlas VPN.

What can organizations learn from this surge in cyberattacks? In the first of this two-part series, we looked at the importance of securing the software supply chain and improving defenses against ransomware. In part two, we explore two more valuable lessons: deploying automation across the security stack, and increasing employee awareness about cyberthreats.

Automation to the rescue?

Rising threats have caused security teams to expand beyond their traditional approach of prevention to also include detection and mitigation. Many organizations are turning to automation and artificial intelligence (AI) to help improve their ability to protect sensitive systems and data, detect intrusions faster, and take steps to limit the impact of successful breaches.

Automation and AI can build on basic security hygiene and best practices by offering deeper behavioral or contextual analysis, says Nima Baiati, General Manager of Commercial Cybersecurity Solutions with Lenovo. “These tools can take disparate data points that on the surface may have nothing in common to a human analyst, and string them together to build a contextual story that can be used to auto-detect and auto-prevent,” he says.

Automation and AI play a key role in emerging zero trust security models, which take a segmented approach to providing access to systems, applications, and data. “Don’t provide blanket privileges that employees don’t need,” says Baiati. “Limiting permissions reduces the potential for lateral movement. Then you can layer on contextual analysis to help prevent and mitigate known and unknown attacks.”

Baiati says Lenovo’s customers are increasingly looking to automation to provide detection mechanisms that leverage contextual AI to roll back from damaging ransomware attacks without having to rebuild systems from scratch.

Both Baiati and Ruger stress, however, that AI on its own is not the solution.

“There is no silver bullet,” says Baiati. “You put in place best practices, best technologies, and you have a method to recover when something happens.”

Awareness training is more important than ever

Because many breaches begin with an inadvertent mistake made by an end user, another critical tool in the arsenal for fighting cyberattacks is employee education.

The pandemic dramatically increased the need for better awareness training, Ruger says. Malware disguised as meeting apps spiked by 1,067% between March 2020 and February 2021, according to Atlas VPN. About 40% of all phishing attacks in the fourth quarter of 2020 were related to COVID-19 vaccines, according to Positive Technologies.

“The vast majority of employees want to do the right thing – no one wants to be responsible for unleashing a ransomware attack,” says Baiati. “But employee awareness training can’t be just a tick-box exercise. It’s about having the right practices and policies for training the organization, and it has to be something each employee can apply. It’s about teaching people to operate safely in a digital world.”

As the tools and techniques for social engineering become more sophisticated, Ruger says it’s important for security teams to share specific examples of bad behavior or attacker techniques, so that employees know what to look for.

Lenovo’s approach to security, for both its employees and customers, involves tying together all of these elements – people, process, and technology – into a strategy for reducing risk.

“We’re not just looking at cybersecurity as an email challenge, or a data encryption challenge, but as an end-to-end challenge,” says Baiati.

 
