One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8472554 |
| Date de publication | 2024-03-29 06:00:11 (vue: 2024-03-29 13:08:30) |
| Titre | Déverrouiller l'efficacité de la cybersécurité dans les soins de santé: utiliser des informations sur les menaces pour naviguer dans la surface d'attaque humaine Unlocking Cybersecurity Efficiency in Healthcare: Using Threat Insights to Navigate the Human Attack Surface |
| Texte | Understanding your organization\'s human attack surface is not just a good idea in today\'s threat landscape; it\'s essential. Why? Because it can make all the difference in your efforts to allocate your limited resources efficiently. Let\'s face it-in the world of cybersecurity, one size does not fit all. It is not feasible to adopt a uniform approach to secure your business. And while most of your users may pose a minimal risk, there are smaller, high-risk groups that attract the lion\'s share of attention from cyberthreat actors. Identifying these groups and understanding what makes these users so enticing to attackers is key to creating an effective defense. At Proofpoint, we recognize the importance of understanding the human attack surface. Our approach to cybersecurity revolves around a human-centric defense strategy. And email serves as a valuable window into the most vulnerable parts of your business. We analyze inbound threats directed at email addresses and enrich them with directory information. This is a Proofpoint Targeted Attack Protection (TAP) feature that\'s available to all customers. As a result, we provide valuable insights into the job roles and departments that are prime targets for attackers. In this blog, we\'ll go through some of our most recent insights for the healthcare industry-and the job roles that attracted the most interest from attackers. 2023 research overview For our research in 2023, we created a healthcare peer group of over 50 similar hospital systems to track within the Proofpoint TAP platform. We meticulously analyzed “people data” from these systems to identify trends in attack patterns. We tracked: Attack index Click rates Malicious message volume Total clicks across various departments More specifically, we looked for outlier clusters that exhibited movement beyond the average. What follows are a few of our insights. Threat actors target roles related to finance and the revenue cycle back-end As it turns out, attackers have a penchant for people in finance-related jobs and those who are involved in transactions. These users were consistently attacked more than others. When we drill down further on our findings, we see that departments involved in the supply chain and facilities management exhibit similar deviations from the average. The reason? These roles often require people to be involved in transactions, making them attractive targets for attackers. 2023 department-level average attack index: Finance and transactional job roles averaged a significantly higher attack index per month per user. Money is a bigger draw than data But here is where it gets interesting. When we compare job roles and departments based on access to transactions versus access to health information, the difference is stark. It seems that attackers are more determined to interdict financial transactions than to gain access to users with large amounts of health data. 2023 department-level average attack index; medical and information services departments averaged a significantly lower attack index per month per user than financial and transactional job roles. Threat actors go after roles that deal with patient service revenue Going a step further, we wanted to understand the impact of threats on people in administrative and clinical roles who help capture, manage and collect patient service revenue. We examined the revenue cycle by categorizing job roles and departments in the following ways. Front-end (admin and pre-visit) Middle (visit, claim submission) Back-end (inbound processing, payer, patient) The disparity between groups with access to transactions and those with access to health data is evident. The revenue cycle back-end category exhibits the highest average attack index among revenue cycle labeled data, which we attribute to finance job roles associated with billing. 2023 average of attack index trends; revenue cycle quarterly comparison. The interest of attackers in finance-related job roles comes |
| Envoyé | Oui |
| Condensat | 2023 about access across actors actually addresses admin administrative adopt after against ahead all allocate among amounts analyze analyzed approach are area areas around associated attack attacked attackers attention attract attracted attractive attribute available average averaged averages back based baseline because below between beyond bigger billing blog both budget business but can capital capture categorizing category centric chain claim click clicks clinical clusters collect comes communicate compare comparison confirming consistently created creating customers cybersecurity cyberthreat cyberthreats cycle data dataset data data” deal defenders defense department departments deploy determined deviates deviations difference directed directory disparity does down draw drill each effective effectively effectively efficiency efficiently efforts email end end enhance enrich enticing essential even evident examined exhibit exhibited exhibits exposure extensive face facilities feasible feature finance financial findings fit focus following follows foundational from front further future gain gets going good group groups has have health healthcare healthcare: help helps here high higher highest hospital human idea identify identifying impact importance inbound includes index index: index; index indicate industry information insights intellectual interdict interest interesting involved job jobs just keep key keyword keywords know labeled landscape; large last leadership learn let level like likely limited linked lion looked loss lower make makes making malicious manage manageability management matter may mean means medical message messages meticulously middle minimal minimize money month more most movement navigate needs nontechnical not observed often one organization others out outlier outlined over overview paradigms parts patient patterns payer peer penchant people per personal platform pose pre prime processing profile profiles proofpoint protecting protection provide provides quarterly rates reason recent recognize related require research research resources result revenue revenue revolves risk risks roles secure see seems serves service services share shifts significant significantly similar size smaller solutions some specifically stark stay step strategy submission supply surface surpassed surprise systems tap target targeted targeting targets than that them theory these think those threat threats three through title titles today total track tracked: transactional transactions trends trends; turns understand understanding uniform unlocking use user users using valuable various versus visit volume volume vulnerable wanted ways what when where which who why window within world year your “people |
| Tags | Threat Medical |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.