Don’t Cut Corners in Hybrid Cloud Protection
by Pascal Geenens
Pascal Geenens is director of threat intelligence with Radware of Mahwah, NJ.
In the past few months, several high-profile ransomware attacks on healthcare facilities in Las Vegas, Oregon, and New York have resulted in delayed or suspended surgeries and interruption of other patient care, not to mention the loss of millions of dollars to the facilities themselves.
Ransomware is but one of several attack strategies that malicious actors have employed against healthcare facilities. For example, the number of distributed denial-of-service (DDoS) attacks targeting hospitals has also increased since the beginning of 2021.
Healthcare and security teams face enormous challenges in the wake of the pandemic. Keeping patient data available and secure is critical, but it is increasingly difficult because of the array of attack vectors and the breadth of cybersecurity knowledge required to mitigate them. In addition, several mergers of healthcare providers have added network complexity that can overwhelm security teams.
Remote access and online services, such as streaming doctor/patient consultations and online electronic medical records (EMR), have grown exponentially. Healthcare organizations have had to manage and secure large volumes of patient data and provide 24×7 access to critical applications, both to deliver a quality user experience and to protect lives. As a result, healthcare remains one of the industries most at risk from cybercriminals.
Much of the issue can be traced to the transition, accelerated by COVID-19, to public clouds, network-connected devices, and online and application-based services, which expands the attack surface and with it the opportunities for data breaches. When healthcare services and applications go down, providers suffer productivity and operational losses, negative patient experiences, and intellectual property losses.
Based on the results of several industry surveys, don't expect this race to the cloud to reverse. Hybrid cloud configurations are here to stay. In this new reality, IT administrators and attackers reach publicly hosted workloads the same way: over the internet, using standard connection methods, protocols, and public APIs. In effect, everyone on the internet is a potential insider. Workload security is therefore defined by who can access those workloads and what permissions they hold.
The question then becomes, should healthcare enterprises focus protection on-premises or the cloud? The answer is unequivocally both.
Part of the reason is connectivity. Another aspect to consider when moving applications to the cloud is how those applications are reached: when the hospital's internet connection is degraded or lost entirely, all activity comes to a grinding halt. Protecting that connectivity with on-premises equipment alone leaves organizations too exposed. On-premises detection and mitigation alone stopped 85% of DDoS attacks, but the remaining 15% required cloud DDoS protection. Because always-on cloud DDoS protection introduces latency, enterprises sometimes rely on on-premises protection only.
This is a mistake: even though only 15% of attacks required cloud protection, those attacks accounted for 92% of attack volume and 84% of the packets. In a hybrid deployment, the cloud absorbs the volumetric attacks that would saturate the internet link, while on-premises equipment handles low-and-slow and low-volume DDoS attacks, as well as anomalies and intrusions, without adding latency to normal traffic.
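To make that division of labor concrete, here is an added example (not code from the article or from Radware) of the per-window triage logic a hybrid deployment runs: it diverts to cloud scrubbing only when inbound bits or packets per second threaten the uplink, flags low-and-slow sources for on-premises rate limiting, and otherwise leaves traffic on the direct path so normal users never pay the scrubbing-center latency. The flow record format, the uplink capacity, the thresholds and the sample traffic windows are all constructed assumptions.

```python
"""Hybrid DDoS triage: which tier should handle the attack?

Added example, not code from the article or from Radware.  The flow record
format, the uplink capacity, the diversion thresholds, the low-and-slow
heuristic and the sample traffic windows are all constructed assumptions.
"""
from dataclasses import dataclass

# Assumed 10 Gbit/s hospital uplink; assumed packet-rate ceiling of the edge.
UPLINK_BPS = 10_000_000_000
UPLINK_PPS = 2_000_000
# Divert to cloud scrubbing only when inbound load threatens the uplink
# (here 60% of capacity).  Below that, stay on-prem so normal traffic is
# not routed through the scrubbing center and does not pay its latency.
DIVERT_RATIO = 0.6
# Low-and-slow heuristic (Slowloris-style): one source holding many open
# connections that each trickle only a few bits per second.
SLOW_MIN_CONNS = 50
SLOW_MAX_BPS_PER_CONN = 100.0


@dataclass(frozen=True)
class Flow:
    """Per-source counters for one observation window (assumed format)."""
    src: str
    conns: int    # open connections from src at end of window
    nbytes: int   # bytes received from src during the window
    pkts: int     # packets received from src during the window


def aggregate(flows, window_s):
    """Total inbound bits/s and packets/s across all sources."""
    bps = sum(f.nbytes for f in flows) * 8 / window_s
    pps = sum(f.pkts for f in flows) / window_s
    return bps, pps


def slow_sources(flows, window_s):
    """Sources with many connections but tiny per-connection throughput."""
    hits = []
    for f in flows:
        if f.conns >= SLOW_MIN_CONNS:
            per_conn_bps = f.nbytes * 8 / window_s / f.conns
            if per_conn_bps <= SLOW_MAX_BPS_PER_CONN:
                hits.append(f.src)
    return hits


def decide(flows, window_s=10):
    """Return (tier, action, detail) tuples for one observation window.

    Volumetric floods (by bits or packets) go to the cloud tier; low-and-slow
    sources are rate-limited on-prem; otherwise keep monitoring on-prem.
    """
    bps, pps = aggregate(flows, window_s)
    actions = []
    if bps >= UPLINK_BPS * DIVERT_RATIO or pps >= UPLINK_PPS * DIVERT_RATIO:
        actions.append(("cloud", "divert",
                        f"{bps / 1e9:.1f} Gbit/s, {pps / 1e6:.2f} Mpps"))
    for src in slow_sources(flows, window_s):
        actions.append(("on-prem", "rate-limit", src))
    if not actions:
        actions.append(("on-prem", "monitor", "within baseline"))
    return actions


# Constructed 10-second windows using RFC 5737 documentation addresses.
BASELINE = [
    Flow("198.51.100.10", 4, 2_000_000, 1_500),
    Flow("198.51.100.11", 2, 500_000, 400),
]
# Two reflection sources pushing ~7 Gbit/s each: this saturates the uplink.
VOLUMETRIC = BASELINE + [
    Flow("192.0.2.1", 1, 9_000_000_000, 7_000_000),
    Flow("192.0.2.2", 1, 9_000_000_000, 7_000_000),
]
# One source holding 500 connections that sent 4 kB in total: low-and-slow.
LOW_AND_SLOW = BASELINE + [Flow("203.0.113.7", 500, 4_000, 500)]

if __name__ == "__main__":
    for name, window in (("baseline", BASELINE), ("volumetric", VOLUMETRIC),
                         ("low-and-slow", LOW_AND_SLOW)):
        print(name, decide(window))
```

In a real deployment the "divert" action would announce the protected prefix to the scrubbing provider (typically via BGP) and should carry a hold-down time and hysteresis so the route is not flapped every window; the thresholds must be calibrated to the actual uplink and to what the on-premises appliance can absorb, since the point of the hybrid split is that diversion happens only when on-premises capacity is genuinely at risk.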
While healthcare organizations face unprecedented challenges, cutting corners in cyber protection isn’t a viable option. Especially during a rapid and complex transition to the cloud, enterprises can’t afford to neglect either on-premises or cloud protections.