Cyber security in highly regulated industries: What does 2018 hold?

The UDT Federal team has been focused on providing a suite of managed security services to healthcare agencies and financial regulators.

By: Jeff Engle, Vice President & General Manager, Federal

2018 has already begun with several high-profile cyber security risks such as the Spectre/Meltdown advisory. While many organizations are paying more attention to potential cyber security risks, organizations in government and highly regulated industries have extra steps to consider. Here are some key suggestions that these organizations should consider:

You must understand your environment

In the military, they preach “know your enemy, know yourself and know the terrain.” The potential attack surface is rapidly expanding as everything becomes an endpoint in the IOT or intelligent edge. Every device, web application and operating system becomes a potential route of entry or egress that puts the confidentiality, integrity, and availability of your critical systems, networks, and data at risk. A complete understanding of what you have and how it works is a key step in the determination of criticality and prioritization of system protections. The sad story is that threat actors may understand your attack surface better than you do.

Events don’t happen in a vacuum

When performing risk analysis, especially with the intent of prioritizing the remediation of vulnerabilities, it is critical that the entire context of the event is considered. Tabletop exercises are a good forum for achieving a higher fidelity characterization of the event sequence and the impact of the event on critical business/mission functions. It starts with clarity around threat actors, determination of capability and intent, and clearheaded evaluation of vulnerabilities but that is just the beginning. Organizational and system interdependencies continue to evolve and an open forum with all stakeholders is needed to ensure that controls put in place and response plans conceptualized are executable within the events context.

Culture has the biggest potential return on mitigation

Weak passwords, sharing credentials, or even losing devices are some of the easiest ways that data breaches can occur. Training and enforcement are key to equipping organizations across government and highly regulated industries to manage their cyber risk. Unfortunately, the effectiveness of those measures is wholly reliant on the culture established at the top and embraced throughout the organization. The people element can either be your biggest risk or your first line of defense.

The UDT Federal team has been focused on providing a suite of managed security services to healthcare agencies and financial regulators. Our team will provide strategic guidance and recommendations based on your business requirements that do not necessarily call for a technology-based answer. To find out more, please visit our site below.

Accomplish More With UDT

Get your custom solution in cybersecurity, lifecycle management, digital transformation and managed IT services. Connect with our team today.

More to explore

Lost & Stolen Devices are a Serious Data Security Threat—Here’s Why

Since the pandemic, remote and hybrid work has become the norm. While mobile devices and remote workstations have empowered great flexibility, it has also led to an increase in data security problems due to lost, misplaced, or stolen devices. Find out how remote and hybrid setups are contributing to this problem and how to protect yourself and your organization.​

Smishing Attacks are on the Rise—Here’s How To Keep Your Data Safe

Smishing attacks are on the rise, posing a significant threat to data security. Originating from a blend of SMS and Phishing, these attacks have seen a drastic increase since 2020. The widespread use of smishing attacks has persisted, with a lack of awareness being a major issue. Many view these as simple spam messages, unaware of the danger they pose. This blog aims to raise awareness about smishing and provide actionable insights to protect yourself and your organization.

5 Strategic Ways to Master Your IT Budget

Enhance finance IT efficiency with UDT and Cisco. Master IT budget planning, security, and innovation in the competitive industry.

IT Compliance Training for the Finance Industry (Get Your Resource Kit Now)

Download UDT’s IT Compliance Kit for financial services – empowering IT leaders to educate staff on compliance, data protection, and security.

Trend Alert! An Insider’s Look at the Latest IT Solutions for the Finance Industry

Explore the latest IT trends in finance and how UDT’s cutting-edge cybersecurity and managed IT services redefine security for the digital age.

Streamlining IT Operations in the Finance Industry—Top 10 Strategies for IT Leaders

Unleash the power of UDT and Cisco solutions with top 10 strategies to streamline IT operations for finance—enhancing security, compliance, and efficiency.

Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:

RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.

Just one more step

Please fill out the following form,