10 Top Security Concerns for 2017
December 7, 2016 6:30 AM
10 Top Security Concerns for 2017
Cyber attack challenges will continue to bedevil efforts to protect data in 2017. Here are 10 of the top security concerns on the minds of data and IT professionals.
Security threats remain a top concern in 2017
Security concerns will only grow in 2017, as cyber attacks become more focused and sophisticated. Organizations will continue to struggle to protect their networks and keep patients protected health information out of the wrong hands. Our sister publication, Health Data Management, sought predictions for the New Year from some of the nations top security experts. They included Mac McMillan, co-founder and CEO of CynergisTek, a top-ranked information security and privacy consulting firm focused on the healthcare IT industry; David Finn, health information technology officer for Symantec; Tim Erlin, senior director of IT security and risk strategy for Tripwire; and Lance Hayden, chief privacy and security officer for ePatientFinder.
1.<TAB>Ransomware threat will continue to grow
Extorting payment for encrypted data had a breakout year in 2016, and the threat will only grow in 2017, the security experts agree. Extortion attackswhether its ransomware or some other attackcauses havoc and has proven to be effective at eliciting the pay-up response, McMillan says. As long as it works, cybercriminals will use it. Finn expects the threat of ransomware will grow throughout most of the year. Reducing the risk of these incidents will mean organizations need to improve strategies for backing up data, Hayden predicts.
2. Device vulnerabilities will demand action
The number of devices being used by organizations is growing, and many represent security risks for organizations. In the example of healthcare, some connect wirelessly to hospitals networks, and older models that run on older operating systems are particularly at risk for hacking. If theyre compromised, they may be used as an entry point to access hospital data. Others fear that infusion pumps or pacemakers could be hacked to provide dangerous medical care to patients.
3. Reimbursement uncertainty may reduce spending on security
With the changes expected from a new Trump administration in Washington, its difficult to know how reimbursements to healthcare providers will be affected. Finn of Symantec believes that uncertainties surrounding reimbursement will affect overall spending by healthcare organizations. The lack of direction in the business of healthcare will adversely impact spending on health information technology and on security, he predicts.
4. Too much technology could actually make security worse
More technology is emerging to protect networks and the information that flows over thembut relying on technology alone could rise as a major miscalculation by organizations, the experts contend. Organizations that try to improve security by adding all manner of systems, technology and people with limited understanding of security or healthcare will make security worseyes, its possible, Finn says. Security can be compromised at a non-technology levelbecause of the human element or because organizations dont have a security strategy thats right for the organizations size and resources, Hayden says. Finn agrees: Organizations that address security with a holistic approach using sound systems, security engineering techniques, and security design principles will make their systems less vulnerable; reduce damage caused by disruptions, hazards and threats; and improve resilience against attacks so they can continue to support critical missions and business functions after being compromised.
5. Finding security workers will remain a challenge
Hiring qualified personnel with security experience is difficult nationwide, with shortages of workers reported in all industries. As a result, organizations are fighting to hire trained staff, and often are at a competitive disadvantage in paying for key staff. Experts expect 2017 to be just as challenging for organizations that want to hire information security professionals.
6. IoT and mobile devices will challenge provider security
The number of devices connected to the Internetthe so-called Internet of Thingscontinues to soar, expected to reach 20 billion by the end of the decade. They pose a variety of risks to organizations. An overwhelming number of these are insecure, McMillan notes. Also, recent distributed denial of service attacks have shown that IoT devices can be co-opted to overwhelm web servers with requests, and that will raise the ante on protecting healthcare IoT devices.
7. As organizations share more data, theyll face increased risks
Recent final rules from agencies and legislation passed by Congress will increase requirements to share healthcare information to improve patient care. Thats great, but it also will increase the likelihood that information can be intercepted, the experts believe. Sharing health data for treatment, payment and operations will expandcreating more opportunity for data loss and theft, Finn predicts. Thats particularly true as data goes to vendors who have third-party supply chain relationships with providers, McMillan adds. A growing number of breaches are involving third parties, and they have the potential to be huge incidents.
8. Insiders will pose a growing risk for security
Most hackers need a hand in accessing data networks, and many times, that comes from insiders who, either accidentally or purposely, distribute network credentials. Insiders will continue to be a problem in the security chain because [organizations] will continue to ignore them as both a weakness and a strength, Finn says. Hayden agrees, noting that organizations in 2017 need to create a culture of security that include management support and involvement, a strong training and awareness program. Organizations need to engage users, through gamification, champion programs, and more, Hayden adds.
9. Protecting data in the cloud will pose new challenges
Organizations will put more data in the cloud in 2017, and that will raise the stakes on protecting information thats offsite, McMillan says. At some point, the threat will find a way to attack the cloud successfully, and when that happens, the only question is whether it will be all data or some, in terms of loss, he says. Innovation such as using the cloud is the proverbial double-edged sword. Its an absolute necessity for advancement, but security continues to lag further behind, which ultimately risks the advancement.
10. Organizations will need to increase sophistication in detecting attacks
Organizations will need to increase their sophistication in using analytics to detect unusual network activity, but that will be a struggle unless organizations have the acumen to use these tools, the experts contend. Bad actors continue to be at the center of many incidents, McMillan says. Organizations must move to behavioral-based analytics if they hope to stop bad behaviors and fraud.
