A new report by Black Book Market Research predicts that data breaches in the healthcare industry are likely to triple in volume in the coming year. The “2020 State of the Healthcare Cybersecurity Industry” report surveyed over 2,400 security professionals.
The survey found that 75% of the organizations responding felt they were unprepared to respond to cyberattacks and almost all (96%) felt that cyber criminals were ahead and outpacing their organizations.
Survey respondents were asked to identify gaps, vulnerabilities, and deficiencies in their organization’s security that could make them vulnerable to data breaches and cyberattacks. The study concluded that 1,500 healthcare providers are vulnerable to data breaches of 500 or more records, an estimated 300% increase over 2020.
Add this to the talent shortage felt across the security industry, which was confirmed in a different Black Book survey, and there’s a lot to worry about in the healthcare industry. That second survey also found that cybersecurity jobs in healthcare take 70% longer to fill than other IT jobs. The study also found that healthcare organizations’ willingness to pay ransomware demands has increased the number of cyberattacks.
With this increase in cyber attacks on healthcare organizations and the advanced nature of these threats, including those that attack web applications, organizations in healthcare may also need to re-evaluate their approach to security. With fewer resources and fewer cyber security professionals, healthcare organizations need to find better ways to protect their data and applications in the cloud, ways that require fewer resources from their security staff.
While many organizations may be using system- and network-based security, it’s important to remember to have a security framework that offers a defense-in-depth architecture. Maybe it’s time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53, which was just released on September 23, 2020. The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) as an added layer of security in the framework.
RASP solutions like the one from K2 Cyber Security offer significant application protection, including protection of vulnerable applications (and the data they have access to), while at the same time using minimal resources and adding negligible latency to an application. K2 Security Platform uses runtime deterministic security to monitor the application and has a deep understanding of the application’s control flows, DNA and execution. By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack. Deterministic security results in the detection of sophisticated zero day attacks and also protects the application from the risks listed in the OWASP Top Ten, including XSS and SQL Injection.
By focusing only on the security threats that can cause damage, there are fewer false alerts and informational alerts that use up a security professional’s valuable time.
K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy to use, easy to deploy solution. K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry, including the code module and line number in the code being attacked, while at the same time integrating with leading firewalls to do real time attacker blocking.
Change how you protect your applications, and check out K2’s web application and application workload security solution and evaluate K2’s effectiveness at detecting and protecting your organization from attacks.