Cyber security in highly regulated industries: What does 2018 hold?

The UDT Federal team has been focused on providing a suite of managed security services to healthcare agencies and financial regulators.

By: Jeff Engle, Vice President & General Manager, Federal

2018 has already begun with several high-profile cyber security risks such as the Spectre/Meltdown advisory. While many organizations are paying more attention to potential cyber security risks, organizations in government and highly regulated industries have extra steps to consider. Here are some key suggestions that these organizations should consider:

You must understand your environment

In the military, they preach “know your enemy, know yourself and know the terrain.” The potential attack surface is rapidly expanding as everything becomes an endpoint in the IOT or intelligent edge. Every device, web application and operating system becomes a potential route of entry or egress that puts the confidentiality, integrity, and availability of your critical systems, networks, and data at risk. A complete understanding of what you have and how it works is a key step in the determination of criticality and prioritization of system protections. The sad story is that threat actors may understand your attack surface better than you do.

Events don’t happen in a vacuum

When performing risk analysis, especially with the intent of prioritizing the remediation of vulnerabilities, it is critical that the entire context of the event is considered. Tabletop exercises are a good forum for achieving a higher fidelity characterization of the event sequence and the impact of the event on critical business/mission functions. It starts with clarity around threat actors, determination of capability and intent, and clearheaded evaluation of vulnerabilities but that is just the beginning. Organizational and system interdependencies continue to evolve and an open forum with all stakeholders is needed to ensure that controls put in place and response plans conceptualized are executable within the events context.

Culture has the biggest potential return on mitigation

Weak passwords, sharing credentials, or even losing devices are some of the easiest ways that data breaches can occur. Training and enforcement are key to equipping organizations across government and highly regulated industries to manage their cyber risk. Unfortunately, the effectiveness of those measures is wholly reliant on the culture established at the top and embraced throughout the organization. The people element can either be your biggest risk or your first line of defense.

The UDT Federal team has been focused on providing a suite of managed security services to healthcare agencies and financial regulators. Our team will provide strategic guidance and recommendations based on your business requirements that do not necessarily call for a technology-based answer. To find out more, please visit our site below.

Accomplish More With UDT

Get your custom solution in cybersecurity, lifecycle management, digital transformation and managed IT services. Connect with our team today.

More to explore

Crafting a Futureproof 1:1 Device Strategy for School Districts

In the evolving landscape of Education Technology, crafting a futureproof 1:1 device strategy is crucial. This strategy should link every student, teacher, and administrator experience with specific device specifications. The integration of educational apps into the curriculum can significantly enhance the learning environment. These apps, tailored to the needs of students, can provide interactive content, fostering a dynamic learning experience.

Optimizing Your K12 Tech Investments: Funding 1:1 Device Programs

This blog will guide school districts grappling with the financial and resource demands of implementing a successful 1:1 device program amid ongoing challenges of budget constraints and competing priorities. Our guided workbook, created in partnership with Intel, provides further support with personalized roadmap on “Pathways to Innovation: Building a Sustainable Digital Learning Environment”.

K12 Cybersecurity: How to Secure 1:1 Devices in Your School District

This blog post delves into the importance of security, cybersecurity, and data privacy in school districts implementing 1:1 device initiatives. It offers basic steps for evaluating, planning, and executing a security strategy. Our guided workbook, created in partnership with Intel, provides a personalized roadmap on “Pathways to Innovation: Building a Sustainable Digital Learning Environment”.

Lost & Stolen Devices are a Serious Data Security Threat—Here’s Why

Since the pandemic, remote and hybrid work has become the norm. While mobile devices and remote workstations have empowered great flexibility, it has also led to an increase in data security problems due to lost, misplaced, or stolen devices. Find out how remote and hybrid setups are contributing to this problem and how to protect yourself and your organization.

Ransomware Gangs Adding Pressure with ‘Swatting’ Attacks—Here’s What You Need to Know

Ransomware gangs are implementing new extortion tactics to encourage victims to pay up. Swatting is becoming an increasingly popular tactic. It involves calling law enforcement to falsely report a serious, in-progress crime triggering an extreme response such as an armed raid from the SWAT team. Explore how cybercriminals are using this tactic and what you can do to prevent it from happening to you.

Smishing Attacks are on the Rise—Here’s How To Keep Your Data Safe

Smishing attacks are on the rise, posing a significant threat to data security. Originating from a blend of SMS and Phishing, these attacks have seen a drastic increase since 2020. The widespread use of smishing attacks has persisted, with a lack of awareness being a major issue. Many view these as simple spam messages, unaware of the danger they pose. This blog aims to raise awareness about smishing and provide actionable insights to protect yourself and your organization.