In this chapter, you will learn to
Understand the anatomy of an external cybersecurity attack using an organized approach
Appreciate the cyber operations application of risk management frameworks
Comprehend what a detection capability can provide for risk mitigation
Understand incident response and recovery for the entire organization
Apply tailored risk assessment consideration and balance to compensating controls in healthcare
Healthcare has seen a tremendous explosion of technology become integrated into the everyday care of patients. Traditional computing of desktops, laptops, and servers centrally managed by the information technology (IT) department is rapidly evaporating. Smartphones, medical devices, and so on, are blurring the lines of computing and communications capabilities, spreading information from countless sources all over the network. The result is that professionals outside of traditional IT are involved in security at all levels. Most healthcare organizations are delivering care 24 hours a day, which means that the network is humming all the time. Personal health information (PHI) is also being stored, accessed, and transmitted continuously. So we have the ingredients of a critical mission, many different perspectives, a large network footprint, and personal information coming from everywhere to make a recipe for the perfect storm for cybersecurity.
In this chapter, we tackle this difficult challenge in a practical manner given the resources and tools available. The anatomy of a cyberattack will be laid out to better understand the problem. For many healthcare privacy and security professionals, this may be their first up-close look at cybersecurity attacks in action. Finally, a practitioner's view of applying risk management frameworks for protecting a network will be provided.
In cybersecurity we tend to focus on ourselves because the attackers seem almost like mythical creatures that come to pillage and plunder while we are not looking. The immediate reaction is to fortify our defenses and stop this injustice. However, this is only one side of the equation, and we must give an equal amount of consideration to the adversary. The anatomy of a cyberattack is illustrated in Figure 11-1 and referenced throughout the rest of the chapter.
Overview of the anatomy of a cyberattack
The Anatomy of a Cyberattack
The procedure outlined in Figure 11-1 is the result of incorporating several best-practice framework descriptions of cyber events, such as Lockheed Martin's "Cyber Kill Chain," a term that is actually borrowed from commonly used jargon in the United States Air Force when it references a mission such as an air strike that will be launched from far away.1 In cybersecurity, the term has long been applied to the surface area of attack by external threats. The way the Air Force describes the kill chain process is similar to how cyberattacks happen, as most of the adversaries against ...