The number of cyber-attacks around the world exploded in 2020, as cybercriminals exploited the Covid-19 pandemic to take advantage of the shift in focus towards smart working and of hospital staff being transferred to the frontline.
The Aon Cyber Security Risk Report 2019 uncovers the biggest threats to businesses worldwide as the landscape continues to evolve. It highlights eight areas of vulnerability, spanning digital transformation, supply chain, employee negligence, business operations and growing cyber regulation. Its main takeaway is that the scale of attacks is expanding and their impact is intensifying. Here are the top five insights with some additional pointers from PANACEA.
The positive outcome of 2017’s WannaCry ransomware is its role in raising the collective consciousness of this type of attack, which brought down 80 NHS trusts, causing the cancellation of thousands of operations and appointments at a cost, according to the UK Department of Health, of £92 million. Other cases cause additional reputational damage.
The increasing use of technology is creating an expanding and evolving cyber-attack surface. In the automotive industry, vehicles are full of 'hackable' technology, e.g. cellular, Wi-Fi, Bluetooth, infrared networks, with full autonomy yet to arrive. IoT (Internet of Things) is also bringing to market a host of network devices, from conferencing systems to security cameras and building automation sensors that are vulnerable to attack. All these technology advances are increasing the importance of monitoring and inventorying IoT endpoints.
Supply chains, which are particularly complex in the healthcare sector, are another huge vulnerability. The 2018 Ponemon Institute Survey showed that 59% of companies in the UK and U.S. had suffered a data breach via a third party, while the UK's National Cyber Security Centre has highlighted examples of supply chain attacks on software providers, website builders and third-party data storage facilities. In the energy sector, companies across Europe and North America have been targeted through their supply chains by attackers compromising websites and installing malware-infected files, to then infect their clients.
Employees are another weak link: either accidentally or with malicious intent, they can let in hackers. According to Aon, organisations often give users more robust access privileges than may be needed, which increases risk.
Businesses are also subject to new regulations like the General Data Protection Regulation (GDPR), where fines could apply for allowing client data to be compromised. The co-hosted webinar between cyberwatching.eu and PANACEA in September 2019 featured a novice's guide to the GDPR for the healthcare sector, with examples of fines imposed on hospitals.
It is critical that organisations manage cyber threats by staying informed, understanding their risk profile and being proactive. In addition, businesses should share their threat intelligence, help to root out bad actors before they cause damage and prepare themselves for a cyber-attack.
PANACEA Research perspectives: As a partner in PANACEA, Aon Italy is designing a Cybersecurity Governance Model tailored to the healthcare sector. The tool comprises a Healthcare Cybersecurity Governance Tool and a Healthcare Cybersecurity Organisation Model, enabling organisational decision makers to organise their IT security or cross-department investment plan effectively and in an innovative way.
Lookout Watch entry date: 18/06/2020