The Latest Tripwire News
Product and Solution Information, Press Releases, Announcements
|Tripwire Study: Health Care IT Professionals Overconfident in Breach Detection Capabilities|
|Posted: Tue Dec 13, 2016 03:36:37 PM|
Industry leader evaluates confidence in seven key security controls required to detect cyber attacks on endpoints
PORTLAND, Ore. – December 13, 2016 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of an extensive Tripwire study conducted by Dimensional Research. The study evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 101 participants from the health care sector.
Health care IT professionals participating in Tripwire’s study were overconfident in their ability to quickly collect the data needed to identify and remediate a cyber attack. For example, while less than half of the respondents (forty-nine percent) know exactly how long it would take their vulnerability scanning systems to generate an alert if unauthorized devices were detected on their networks; ninety percent believe they would be alerted within hours.
According to Verizon’s 2016 Data Breach Investigations Report, while sixty-three percent of successful system compromises in the health care industry occurred within minutes, fifty-six percent of data breaches impacting the health care sector took months to detect.
“There’s no argument that these basic controls work and contribute directly to an organization’s cyber security, yet the research shows they are not in place at enough health care organizations,” said Tim Erlin, senior director of IT security and risk strategy at Tripwire. “This is occurring at a time when the health care industry is facing unique cyber threats, from physical theft to sophisticated ransomware campaigns.”
Additional findings from the study included:
Erlin continued: “The basics of finding unauthorized devices and vulnerabilities and applying patches in a timely manner should be done at every organization in order to create a baseline of cyber security. These fundamental controls should be in place before organizations look at the latest shiny security object.”
Tripwire’s study is based on seven key security controls required by a wide variety of compliance regulations, including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53, CIS Top 20 and IRS 1075. These controls also align with the United States Computer Emergency Readiness Team’s (US-CERT) recommendations and international guidance, such as the Australian Signals Directorate’s Strategies to Mitigate Targeted Cyber Intrusions.
The recommendations and guidance include:
When implemented across an organization, these controls deliver specific, actionable information necessary to defend against the most pervasive and dangerous cyber attacks. It is vital for organizations to identify indicators of compromise quickly, so that appropriate action can be taken before any damage is done.
For more information on this study, please visit: http://www.tripwire.com/it-resources/are-healthcare-sector-it-pros-overconfident-in-data-breach-detection-skills1/