Growing number of endpoints raises healthcare vulnerability
The risk of criminal access to networks and cyber attacks is rising because of endpoint vulnerabilities, according to results of a recent survey by the Ponemon Institute.
The survey, conducted by Ponemon on behalf of CounterTack, has significant implications for healthcare organizations, which have seen increased access to networks and information through the use of many kinds of devices, such as laptops and smartphones.
The fact that more devices are in use to access an organization’s network—often in the hands of unsophisticated users who may be careless with security practices—raises the number of ways that networks can be hacked.
The Ponemon study, which looked at information system security across several industries, revealed that protection of endpoint devices has not kept up with risks that confront them. “With all the information we’ve gathered, there seems to be a stalemate,” says Larry Ponemon, founder of security research firm Ponemon Institute. “Companies are doing a lot more, but can’t keep up with the crooks.”
The healthcare industry is a high-profile target because of the value of the data that providers and payers hold.
Endpoint security is a rising concern across industries. Endpoint devices can include servers, desktop and laptop computers, smartphones, printers, point-of-service devices and more, and they communicate data with an organization’s information network. “The endpoint is the gateway to enterprise systems,” Ponemon explains. “Attack vectors converge on connected devices, and then infiltrate the network.”
Particularly in healthcare, with the increased use of mobile devices, not enough attention has been paid to how to assess whether a device is safe, but too many companies are not creating a more secure environment. “If you have 100 connected devices, it’s hard to determine which one is the target,” Ponemon says. While there are lots of tools and devices to make endpoint security better, the reality is that many organizations remain in a status quo environment and are not being proactive.”
Negligent employees and the devices they use in the workplace continue to be the greatest source of endpoint risk, the Ponemon survey found. Some 81 percent of respondents said the biggest challenge is minimizing the threat of negligent or careless employees who do not follow security policies. The threat caused by the growing number of insecure mobile devices in the workplace increased to 50 percent from 33 percent in 2013, respondents said.
Further 60 percent of respondents said that it has become more difficult to manage endpoint risk, and 80 percent of respondents believe their mobile endpoints have been the target of malware over the last 12 months, up from 68 percent only two years ago. Laptops and smartphones pose the biggest endpoint risk, according to 43 percent and 30 percent of respondents, respectively. Respondents estimate that an average of one-third of all endpoints connected to their organization’s network is not secured.
Ransomware has become a big problem because not only can a healthcare organization or another company be hit once, but ransomware can make lateral movements in an organization—stamp it out in one part and it shows up in another.
That’s why endpoint security has become so important, according to Ponemon. Many organizations in healthcare and other sectors have followed a Fort Knox strategy of building strong perimeter defenses. But even the best firewalls can’t identify every piece of malware, and the concept of data has changed, he adds. “It’s all over the place and unstructured, such as email.”
Healthcare organizations have not been at the leading edge of network security, in part because they often don’t have the resources or believe that criminals were targeting other sectors, such as banking and finance, Ponemon says. But other sectors have hardened their network defenses, and healthcare’s security appears soft by comparison, particularly considering the number of business associates involved in care, which may not be as security-conscious as they should be.
Ponemon advises taking a good look at cloud computing vendors, as they have stepped up with very secure environments, making it possible for even the smallest providers to have adequate protection. Further, recent initiatives to share threat data and integrate threat intelligence into security plans will improve overall protection, he adds. “Many providers didn’t think they had the right people to assess the information, so they didn’t necessarily improve security.”
The report, sponsored by data security firm CounterTack but independently researched by Ponemon, is available here.