Cyber hackers are an opportune group of people, hunting like predators and shifting their approach as needed. And now, they’re leveraging the concern and — in some cases — hysteria about the coronavirus outbreak to advance their nefarious objectives.
According to multiple cybersecurity experts, hackers are playing on the public’s fear of the coronavirus to steal passwords and spread malware, reports Vice. Using simple phishing techniques, bad actors are targeting individuals with emails that appear to come from an official source, such as the Centers for Disease Control (CDC). The emails purport to share helpful information about the virus and encourage readers to open an attachment which then downloads malware — in this case, the increasingly popular Emotet strain — to infect their computer and gather personal information.
Could healthcare organizations be the next target?
While current reports indicate that only private citizens have been targeted so far, it’s not unreasonable to assume that cyber criminals may soon have businesses and other organizations in their sights.
The healthcare sector, for instance, is particularly at risk. Healthcare workers or administrative staff are low hanging fruit for today’s opportunistic hackers. As they seek answers to important questions in a time of crisis, these employees may be susceptible to a hoax email that appears to come from a trusted government body such as the CDC.
This is hugely problematic for healthcare companies who are already struggling to reduce cybersecurity risk.
Indeed, hospitals, doctors’ networks, insurance companies, and others are prime targets for hackers due to the valuable protected health information (PHI) these organizations store and the vital role they play in our nation’s critical infrastructure. This risk is intensified by the fact that the systems and networks of companies in this sector are highly vulnerable to attack or are already compromised. Indeed, our own study shows that only 50% of healthcare companies have adequate security postures — the other 50% are at a high risk of a breach.
How to mitigate the risk of opportunistic cyber attacks
There are several steps that organizations, in any sector, can take to reduce the risk associated with opportunistic cyber threats such as the one tied to the coronavirus.
First, organizations must implement effective security awareness training, such as teaching employees how to recognize and report phishing attempts. While people are sometimes painted as a company’s weakest security link, they can also be an organization’s best defense against cyber attacks.
Next, businesses must take steps to ensure they are being proactive in how they approach cyber risk reduction. In far too many situations, healthcare companies wait until a breach or a cyber event has taken place to take action and respond to potential risk. At that point, it’s too late to do anything more than clean up the mess that they’ve gotten into. Instead, they need to get one step ahead of that threat by reducing vulnerabilities in their security infrastructure and continuously monitoring it to alert them should any security gaps or risks arise.
That’s where security ratings can help healthcare organizations address these challenges efficiently and effectively. Security ratings enable security and risk leaders to thoroughly, accurately, and continuously measure and monitor the success of their own internal security performance management programs. With these insights, they can take measures to improve their security postures and respond more effectively and efficiently to unexpected threats — the moment they arise.
Don’t ignore the risk lurking in third-party networks
It’s also important to remember that risk often originates outside the four walls of a business. Third parties are a worrisome source of risk for healthcare organizations and are targeted by threat actors with the intent of penetrating the upstream networks of hospitals and health systems. To combat this threat, healthcare organizations need a way to gain visibility into the security postures of these third parties and continuously monitor them over time for potential security gaps or malware infections.
Prepare for tomorrow’s threats today
No one could have predicted the coronavirus outbreak, nor its cybersecurity ramifications. But this lack of foresight means it is more important than ever that organizations and individuals do all they can to prepare for new and evolving threats. With the proper cybersecurity awareness training and the ability to continuously monitor for risk and changes in their security postures — such as an unsecured port, malware infection, or other vulnerability — the healthcare sector and other industries can deal with these threats more quickly and efficiently.