More security lessons from the worst cyberattacks
Automation, awareness lead the way in ongoing fight against cybercrime
  • Joan Goodchild
  • 11/05/2021
More security lessons from the worst cyberattacks
The past 20 months have been extremely difficult for the healthcare industry in the face of the global pandemic. Cyber criminals have only added to the stress level. According to HIPAA, from August 2020 through July 2021, there were 706 reported healthcare data breaches of 500 or more records, and healthcare data of more than 44 million individuals has been exposed or compromised. “That’s the state of healthcare right now – it’s an industry going through a crisis due to the pandemic, which presents an opportunity for criminal entities to attack,” says Jason Ruger, Lenovo’s Chief Information Security Officer.

The increasing level of digitization and interconnection of smart devices makes healthcare an even more attractive target. Devices such as digital thermometers or heart monitors, which once provided little value to cyber criminals, are now becoming targets for ransomware or as entry points for broader attacks across interconnected systems.

“More smart devices increase exposure,” says Ruger. “Operational technology is an under-protected asset.”

The healthcare sector is not alone, as 2021 is shaping up to be one of the worst years ever for data breaches and ransomware attacks. In the U.S., the number of publicly reported data compromises through September 2021 already surpassed the total number of compromises in 2020 by 17%, according to the Identity Theft Resource Center (ITRC). Ransomware attacks were up 151% in the first half of 2021 compared to the same period in 2020, according to Atlas VPN.

What can organizations learn from this surge in cyberattacks? In the first of this two-part series, we looked at the importance of securing the software supply chain and improving defenses against ransomware. In part two, we explore two more valuable lessons: deploying automation across the security stack, and increasing employee awareness about cyberthreats.

Automation to the rescue?

Rising threats have caused security teams to expand beyond their traditional approach of prevention to also include detection and mitigation. Many organizations are turning to automation and artificial intelligence (AI) to help improve their ability to protect sensitive systems and data, detect intrusions faster, and take steps to limit the impact of successful breaches.

Automation and AI can build on basic security hygiene and best practices by offering deeper behavioral or contextual analysis, says Nima Baiati, General Manager of Commercial Cybersecurity Solutions with Lenovo. “These tools can take disparate data points that on the surface may have nothing in common to a human analyst, and string them together to build a contextual story that can be used to auto-detect and auto-prevent,” he says.

Automation and AI play a key role in emerging zero trust security models, which take a segmented approach to providing access to systems, applications, and data. “Don’t provide blanket privileges that employees don’t need,” says Baiati. “Limiting permissions reduces the potential for lateral movement. Then you can layer on contextual analysis to help prevent and mitigate known and unknown attacks.”

Baiati says Lenovo’s customers are increasingly looking to automation to provide detection mechanisms that leverage contextual AI to roll back from damaging ransomware attacks without having to rebuild systems from scratch.

Both Baiati and Ruger stress, however, that AI on its own is not the solution.

“There is no silver bullet,” says Baiati. “You put in place best practices, best technologies, and you have a method to recover when something happens.”

Awareness training is more important than ever

Because many breaches begin with an inadvertent mistake made by an end user, another critical tool in the arsenal for fighting cyberattacks is employee education.

The pandemic dramatically increased the need for better awareness training, Ruger says. Malware disguised as meeting apps spiked by 1,067% between March 2020 and February 2021, according to Atlas VPN. About 40% of all phishing attacks in the fourth quarter of 2020 were related to COVID-19 vaccines, according to Positive Technologies.

“The vast majority of employees want to do the right thing – no one wants to be responsible for unleashing a ransomware attack,” says Baiati. “But employee awareness training can’t be just a tick-box exercise. It’s about having the right practices and policies for training the organization, and it has to be something each employee can apply. It’s about teaching people to operate safely in a digital world.”

As the tools and techniques for social engineering become more sophisticated, Ruger says it’s important for security teams to share specific examples of bad behavior or attacker techniques, so that employees know what to look for.

Lenovo’s approach to security, for both its employees and customers, involves tying together all of these elements – people, process, and technology – into a strategy for reducing risk.

“We’re not just looking at cybersecurity as an email challenge, or a data encryption challenge, but as an end-to-end challenge,” says Baiati.


Watch the latest episodes of LNIT

Season 2 (8 episodes)
Season 1 (8 episodes)