Vectra AI has released its 2020 Spotlight Report on Healthcare, which shows an upward trend in exploitable behaviours and discredits claims that external threats would lead to increased internal threat activity.
The latest Spotlight Report on Healthcare is based on observations and data from January-May of this year using a sample of 363 opt-in enterprise organisations in healthcare and eight other industries.
The COVID-19 pandemic has sparked the global adoption of cloud services across all industries. However, healthcare has suffered the most sudden and rapid pivot to support overwhelmed infrastructure and increased collaboration using the same strapped IT and security resources.
“Healthcare providers have been tasked with quickly leveraging remote access and cloud analytics to scale their operations,” said Chris Morales, head of security analytics at Vectra. “While cloud computing better optimises the use of resources in healthcare, it also creates significant risks. This is especially true when cloud adoption happens faster than proper due diligence can be applied by information security personnel. This trend will persist well after the pandemic.”
Security teams must now urgently grapple with where healthcare data resides and how to safeguard it. To do so requires pan-organisational cooperation among IT and security teams as well as visibility that integrates the cloud and the on-premises infrastructure to enable a truly comprehensive threat detection and response capability.
The Vectra report investigated network behaviours that are consistent with threats across the entire cyberattack lifecycle – botnet monetisation, command and control, internal reconnaissance, lateral movement, and data exfiltration. Upon closer examination, these behaviours were found to be from cloud migration activities, and not attackers.
It found that there was a 38 percent increase in command-and-control behaviours from January-May 2020, which indicates remote access of internal systems by the remote workforce. It also noted that data exfiltration behaviours have doubled, which indicates data leaving internal healthcare networks to external destinations like cloud services.
Figures from Europe, the Middle East, and Africa (EMEA) and North America, have shown an increase in the volume of external data movement, known as exfiltration. This is consistent with cloud migration.
Finally, the study revealed that smash-and grab behaviours as well as data smuggler activities have increased significantly.
For healthcare organisations, the migration of data to the cloud was already in motion, and COVID-19 has accelerated this transition and the policies that govern it. NDR is an effective approach for the detection and response to attackers that circumvent or defeat defensive controls and gain an operating capability inside an organisation’s infrastructure.