Security experts have warned healthcare organizations to bolster their defenses against a tidal wave of online attacks in 2015 and added that Internet of Things devices could become a major threat vector.
In its 2015 Security Predictions report, security vendor Websense claimed that healthcare records will continue to be a major draw for cyber-criminals, containing as they do personally identifiable information which can be used to commit ID theft and other follow-up attacks.
What’s more, healthcare professionals might be IT security teams’ worst enemy as they bypass policies to better serve patients, it said.
Carl Leonard, principal security analyst, explained that in the US alone there’s been a 600% increase in attacks targeting healthcare data since the start of 2014.
“With the amount of threats set to grow even further in 2015 it is imperative that these organizations eliminate the uncertainty of cyber risks,” he told Infosecurity.
“They must invest in technologies that provide visibility into attempted attacks and detail how successful attacks could affect them. They also need to ensure they have access to better threat intelligence and real-time defenses to be prepared for the worst case scenario of a cyber-attack.”
Adding to the problem is the fact that many healthcare organizations are transferring to electronic patient records systems but without the necessary cyber-security safeguards, Websense said.
Internet of Things devices used by corporates could also provide increased risk in 2015, with Websense predicting at least one major breach made possible through an internet-connected device.
Once again, security is often seen as an inhibitor and could be left on the back seat as such innovations are assimilated into enterprises, leaving dangerous gaps for hackers to exploit.
“Organizations are already overwhelmed by data, and IoT will add to that data deluge. The risk to business is that the noise that IoT will create could turn into a place for cyber-criminals to hide and wait,” warned Leonard.
“If successful, they can use this entry point as the start of an attack. To try and stop the loss of IP or data, companies need to have the right defenses that are sophisticated enough to detect things like low and slow data leaks.”
Websense also claimed 2015 would see more vulnerabilities of the Shellshock/Heartbleed type emerge.
Finally, there were warnings that social media platforms would increasingly be used by cyber-criminals as covert C&C infrastructure.
Just last month it emerged that attackers were using an online video site to smuggle data out of a firm under the radar of traditional security tools.