5 tips to thwart medical device attacks
Medical devices can be an easy gateway for hackers to steal valuable information. This advice will lower the risk of that happening. For those who do manage medical device security internally, experts offer this advice:
Invest in deception tech
Carolyn Crandall, chief deception officer for security company Attivo Networks, says, “Healthcare IT teams need tools in their arsenal that not only defend the network perimeter but also help them detect and respond to in-network threats quickly, efficiently, and effectively.” These tools, of course, include a technology Attivo sells: deception software.
Don’t be so quick to dismiss Crandall’s advice just because she’s a vendor. “Deception is an emerging security control driven by the need to reduce attacker dwell time,” she explains, adding that the average U.S. hack remains undetected for 100 days. Some hospitals use next-gen firewalls for protection, she continues, “but these [are] centered on signature or database look-up” and don’t protect against credential harvesting. As DiPietro pointed out, once hackers have the right credentials, they can waltz right through.
Deception tech, Crandall explains, creates an “endpoint where deceptive credentials and bait are strategically placed to entice an attacker into harvesting them.” This, she says, sets up a trap for security teams to catch medical device hacks before they happen.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise