Bad actors are not limited to Hollywood.
According to the 2019 Verizon Data Breach Investigations Report (DBIR), 59% of healthcare breaches exposing corporate data to an unauthorised third party were caused by internal actors. This paper outlines how a CISO can plan and build a secure defence against these bad actors.
The healthcare industry stands out as a leader in securing data because it is highly regulated and is required to report in more detail than most industries, but costly internal data breaches are seen across all industries.
What is the bad actor insider threat?
An insider threat is a malicious threat or a well-intentioned employee error that originates within the targeted organisation for the purpose of negatively impacting the business.
These threats come from people such as employees, former disgruntled employees, contractors or business associates within the organisation who abuse data access and privileges.
Organisations fail to develop a mature security strategy because they have no idea how many assets are on their networks, where they are, who owns them and what role the assets play in delivering business-critical services. The Verizon 2019 report identified that, out of 41,686 security incidents across all industries, 34% involved internal actors.
Compliance is Critical
Companies that deal with Protected Health Information (PHI) are required by the United States Health and Human Services (HHS) to develop a security strategy that has physical, network, and process security measures in place, and to follow them to ensure HIPAA compliance. Identifying and building a security defence against those attack vectors is difficult for a number of reasons, including:
Consider a Service-Centric Security Approach
The Service-Centric approach enables an IT professional to take a methodical, step-by-step approach to this problem and to continually assess, improve, and mature over time.