Cybersecurity as a ‘Team Sport’: Governance, Organization, Strategy and Tactics | Healthcare Informatics Magazine | Health IT | Information Technology

Cybersecurity as a ‘Team Sport’: Governance, Organization, Strategy and Tactics

February 17, 2017
by Rob Faix, Impact Advisors

Executive Summary: Thirteen chief information officers (CIOs) and chief information security officers (CISOs) of leading health systems gathered in Chicago to share best practices and lessons learned regarding information-security programs. These healthcare executives also explored lessons from other industries on innovative cybersecurity strategies. This report captures their discussion and shared insights.

Summit Participants: Mary Alice Annecharico, SVP and CIO, Henry Ford Health System; David Bensema, M.D., CIO, Baptist Health; Fernando Blanco, VP and CISO, CHRISTUS Health; Erik Decker, CISO, University of Chicago Medicine; Michael Erickson, CISO, Baptist Health; Jim Hanson, Regional Information Officer, Avera; Meredith Harper, Chief Information Privacy and Security Officer, Henry Ford Health System; David Jahne, IT Security Senior Director, Banner Health; Lenny Levy, VP and CISO, Spectrum Health; Jonathan Manis, SVP and CIO, Sutter Health; Patrick O’Hare, SVP, Facilities and CIO, Spectrum Health; Jim Veline, SVP and CIO, Avera; Larry Yob, National Security Senior Director, Ascension Health

Organizer: Scottsdale Institute; Sponsor: Impact Advisors; Moderators: Impact Advisors— Rob Faix and Tim Zoph

Introduction

2016 may be considered the Year of Information Security in light of numerous high-profile security events impacting healthcare and non-healthcare organizations alike. In October, leadership representing Information Technology and Information Security functions from Scottsdale Institute member health systems came together to share their perspectives, experiences and strategies for advancing the effectiveness of Information Security Programs. Joining these healthcare leaders were two guest speakers from the financial industry to provide an “outsider’s” perspective on the types of challenges and strategies they have encountered for addressing security threats, training and overall management of their security programs.

Moderator Tim Zoph opened the session with his observations on the threats faced by the healthcare industry and the accelerated pace with which new threat vectors are exploited. He balanced these comments with observations that many of the basic activities, such as properly maintaining systems, remain a challenge to the industry. The list below represents a summation of some of the key responses from participants when asked what keeps them up at night:

  • Developing effective engagement strategies with Executives and Boards of Directors.
  • Rate of emerging threats impacting the healthcare industry and our ability to keep up.
  • Maintaining a good balance between process engineering and workflow impact to people when addressing risks.
  • Biomed equipment management, updating and segregation.
  • Total number of end points that continue to grow throughout the organization.
  • Ability to attract and retain talented people and training staff to achieve the organizational goals.
  • “Hacktivists”—People motivated by political reasons to cause an intrusion.
  • Achieving a reasonable information-security budget.
  • Increasingly sophisticated attacks and new markets created as a result of hackers’ ability to monetize data thefts.
  • Volume of new applications being proposed and an organization’s ability to vet applications properly.

Gathering Threat Intelligence and Communicating Risk

There is no shortage of threat-intelligence sources in the market today. Meredith Harper, Chief Information Privacy & Security Officer at Henry Ford Health System, said her organization is a member of the National Health Information Sharing and Analysis Center (NH-ISAC). Most agreed there is value in subscribing to third-party sources and some noted use of NTT Security SERT, InfraGard and similar organizations for gathering threat intelligence. Simmons cautioned that organizations that pay for more than one intelligence service should carefully review and compare the content across vendors to ensure they are not receiving potentially duplicative information. He noted that he participates in monthly meetings in Chicago with about 80 CISOs who share information and respond to specific questions in various email chains. Most attendees confirmed they actively participate in information-security groups in their respective regions.

As the topic of information security continues to increase in importance, it is incumbent upon information-security professionals to manage executive expectations and adroitly engage senior leadership. Today, executive engagement ranges widely from “check-the-box discussions” to highly-engaged leaders who crave deeper understanding of security events or the state of the overall information-security programs. Not surprisingly, the visibility of information-security programs increased significantly in the wake of suspected breaches. Patrick O’Hare, SVP, Facilities & Chief Information Officer at Spectrum Health, said, “It’s not an issue of ‘if’ you’ll be breached, but ‘when’ and will you know that you have in fact been breached.” Key to success with executive leadership and boards of directors is to maintain the conversation as a business conversation, not a technical one. Successful CISOs need to have the ability to translate IT risk into business risk.

Jonathan Manis, Sutter Health SVP & CIO, added to this thought: “My responsibilities are to identify risks and escalating threats, document mitigation strategies, develop recommendations and then assist our operational and clinical leaders to make the best possible decisions regarding how we address, resolve and mitigate those risks.” Complicating the situation is the reality that generational challenges may exist and hamper clear communication of risk to various leaders in an organization. To mitigate this issue, some organizations have elected to add a more technically savvy member to the Board of Directors who can serve as a liaison between IT and executive leadership. Mary Alice Annecharico, SVP & CIO at Henry Ford Health System, noted that the Henry Ford senior leadership and system board have become much more engaged in the information security conversation as well.

Perception and Reality of Information Security Programs

Opinions in the room covered the full spectrum of expectations when discussing the reality that a breach may occur. Some said their leadership clearly understands they will experience a breach event someday and have resolved that cybersecurity insurance is not only necessary, but will likely be called upon to offset the financial impact of such an event. Others noted their senior leadership expects no breaches whatsoever, a position everyone agreed was untenable in today’s world. The group agreed that the complexity of cybersecurity threats is evolving rapidly and we, as information-security professionals, must continually advance the maturity of our programs and tactics to address the true nature of each threat. Manis noted that in today’s environment, regulators tend to punish the victims of cybercrimes and we need to refocus attention on the prosecution and punishment of the criminals who perpetrate these crimes, not the organizations victimized by them. The room fervently agreed, universally noting that they are fatigued from playing defense from an auditing and compliance perspective and strongly recommend a more proactive position to prevention and early detection of cyber threats to reduce the likelihood and impact of costly data breach events. One of the participants weighed in by saying, “In the end, when we truly measure risk, regardless of a risk rating assigned to a given component of our infrastructure, the feeling is that risk is ‘OK’ until it isn’t. Organizations are often willing to accept a risk until the actual breach occurs and, by then, it’s too late.”

Funding of Information Security Programs

Jim Veline, Avera SVP & CIO, opened a discussion around the percentage of funding directed toward information-security programs, which he asserts is extremely small considering the value to the organization. “Look at the percentage of an IT budget that is directed to information security, it’s a pretty small number,” he said. “Then consider that the percentage of an IT budget to that of the enterprise is also a relatively small number. Net this out and you’ll see that information-security spend compared to the enterprise is likely a fraction of a single percent when compared to the enterprise. It just doesn’t seem right given the task at hand.” Annecharico added that, with so many inefficiencies in the industry, CIOs need to identify and prioritize the areas that are opportunities to reduce spending, work together across the industry on common solutions, and then consider redirecting available funds to support ongoing information-security programs.

Tactics for Educating the User Community

David Jahne, IT Security Senior Director at Banner Health, shared his concerns in getting the security message to users: “How do we shore up and get the attention of people who need to hear this message? How do we create an information security culture in the DNA of an organization?” Scot Pflug described the information-security awareness program that he has used, which leverages a variety of communication strategies, training and white papers to get the security message out to his user community. Among other strategies, he publishes a quarterly security newsletter to educate users, with each issue containing five bullet points on how to avoid being a victim of phishing attacks. “My goal with these five bullet points is to continue to put them in the newsletter until people start to ask, ‘Why does he keep putting this in there?’ That’s when I’ll know the message has truly been received.” Pflug added that his goal is to have an organization filled with what he calls “Human Sensors,” the frontline employees who are aware and remain vigilant to potential security threats.

Simmons said one of his main goals is to attend at least one meeting each year for each of the primary business units of his organization to discuss in-person the importance of good security practices and to educate team members on organizational expectations. In response to a question by Fernando Blanco, VP & CISO at CHRISTUS Health, regarding strategies to avoid the “numbing effect” of a recurring information-security awareness message, Simmons said, “We need to talk about an experience, not about numbers. Avoid making the conversation about comparative statistics of progress in the current period compared to the last period. We need to tell effective business stories related to risk if we are going to connect with non-IT leaders.”

Ransomware, Biomedical Devices and Other Information Security Threats

In 2015 and 2016, the emerging threat of ransomware garnered a tremendous amount of visibility in the healthcare industry with several high-profile attacks impacting organizations that grabbed the attention of many in the C-suite. Most agreed ransomware has elevated the visibility and value of information-security programs within their organizations more so than any other non-breach event in the past. One of the CISOs expressed his dislike for the term “ransomware”, as it’s only a symptom of a larger problem. “The bigger issue is that we are a digital industry today and many of our systems, notably biomedical devices, were not designed with security in mind. Biomedical devices as a threat vector rank among the greatest targets in the healthcare industry.” Jim Hanson, Avera Regional Information Officer, echoed this concern, noting that one of the things that keeps him up at night is “biomed equipment and the number of end points that continue to grow throughout my organization.” The participants seemed split when discussing whom biomed currently reports to within their respective organizations, with some having this as an IT function and others as a more traditional facilities function. Harper said, “Bringing biomed into IT was a great idea because it empowered us to manage the devices.”

A lively discussion erupted about the shared concerns with engaging third-party vendors, sharing of data with these vendors and how these concerns are further compounded when using a “cloud-based” solution. Participants voiced their frustration with the level of pushback they frequently receive from third-party vendors when it becomes necessary to conduct a risk assessment of the third-party solution. One of the participants commented that “No other healthcare organization has asked us to complete a risk assessment and we’re in ‘n’ number of organizations throughout the country” is a response often stated by third-party vendors. This statement elicited a slight chuckle from the room as nearly everyone had heard a similar line from one or more of their third-party vendors. Seeking a solution, the group discussed a desire to create a healthcare information-security alliance that would offer a universally accepted risk assessment to be issued to vendors once and accepted by alliance members. This approach would also benefit vendors themselves as they would only need to complete the risk assessment once, thereby saving time and accelerating the overall conversation with various organizations. Veline noted, “There is value in the way we communicate with each other regarding third-party relationships. If we could all just talk with each other and identify those specific vendors that are problematic, we could all benefit.”

When the discussion turned to other areas of concern, the group centered on the Internet of Things (IoT), an especially timely topic as the Distributed Denial of Service (DDoS) attack which impacted significant portions of the Internet and high-profile services had occurred in the prior week. The attack’s success has been largely attributed to exploitation of various devices constituting the Internet of Things. Manis suggested, “Of all the important things we’ve discussed today, the ‘Internet of Things’ concerns me the most. In our increasingly mobile, digital society, virtually everything is addressable and can be connected—wearable health monitors; exercise equipment; kitchen appliances; weight scales; coffee makers; self-service, home diagnostic tests; even over-the-counter pregnancy tests. Healthy individuals and those individuals with chronic, but well-managed medical conditions will want data from these devices in their personal health and wellness records so they can maintain and manage their own health. My concern is that each of these devices may represent a new attack vector for those with criminal intent.” Adding to the sheer amount of data which may be generated from various medical devices, Annecharico noted, “As we look toward clinically relevant conversations with CMIOs, it’s very difficult to look at what is the sweet spot for valuable data to help make better clinical decisions and what is simply useless data.” Key to the successful management of this clinical data is to establish meaningful conversations with IT about sources and methods for collecting, reviewing, accepting and integrating patient-generated health data and to ensure its accuracy. David Bensema, MD, CIO, Baptist Health, suspects that, “Patients may tend to submit the good information and not the bad and we’re getting filtered data. We need to be careful to not overwhelm clinicians. Sometimes being ‘patient centric’ means saying ‘no’ to patients offering to share their Fitbit steps as part of their legal medical record.”

Conclusion

Participants of the CISO Summit expressed their sincere appreciation to both Ralston Simmons and Scot Pflug as guests representing the financial industry for their candor and willingness to share a realistic view of the state of information security for their industry and agreed that continued dialogue with one another was crucial to keep current on cybersecurity issues, trends and resources. Specifically, participants acknowledged the value in efforts such as these:

  • Share information with one another on an ongoing basis regarding vendor risk-assessment results, product-specific security-controls issues and negotiated rates for National Health Information Sharing and Analysis Center (NH-ISAC) support.
  • Join local and statewide cross-industry collaboration networks, as specific security threats may be common across industries.
  • Identify organizational culture education techniques that have been successful in reducing internal security threats, including phishing campaigns, incident-response planning and “tabletop” exercises, and department-specific security-risk awareness programs. Avoid mind-numbing statistics; instead become story tellers to help employees understand the significance of risk and their role in preventing breaches.
  • Engage the board and C-suite by maintaining cybersecurity as a business conversation, not a technical one. Translate IT risk into business risk and manage expectations adroitly. Lobby for adding a board member who’s security savvy and can act as a liaison between the board and IT.
  • Lobby for increased cybersecurity funding to better reflect the potential cost of cybersecurity breaches to healthcare organizations. In an increasingly cost-constrained environment, breaches result in less funding for care delivery needs.
  • Bring biomed under IT for better security control.
  • Aggressively manage vendors—especially cloud-based firms—by insisting upon risk assessments and not allowing them to dictate terms based on previous clients or industries. They’ll eventually fall in line.
  • Join forces to create a healthcare security alliance that can develop a universal risk assessment. This will be a win-win for health systems and vendors.
  • Address the Internet of Things (IoT) by learning to separate clinically valuable information from useless data. FitBits need not apply as patient-generated data.
  • Address potential risks associated with mergers, acquisitions and new program launches with specific policies regarding business-associate documentation, contract reviews and physical security considerations.
  • Shift the conversation internally to focus on the criminals and not the victims of attacks.

 



OCR Fines Providers for HIPAA Violations, Failure to Follow “Basic Security Requirements”

December 12, 2018
by Heather Landi, Associate Editor

Florida-based Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) for a number of HIPAA compliance failures, including sharing protected health information with an unknown vendor without a business associate agreement.

ACH provides contracted internal medicine physicians to hospitals and nursing homes in west central Florida. ACH provided services to more than 20,000 patients annually and employed between 39 and 46 individuals during the relevant timeframe, according to OCR officials.

Between November 2011 and June 2012, ACH engaged the services of an individual that claimed to be a representative of a company named Doctor’s First Choice Billings, Inc. (First Choice). The individual provided medical billing services to ACH using First Choice’s name and website, but allegedly without the knowledge or permission of First Choice’s owner, according to OCR officials in a press release published last week.

A local hospital contacted ACH on February 11, 2014 and notified the organization that patient information was viewable on the First Choice website, including names, dates of birth and social security numbers. In response, ACH was able to identify at least 400 affected individuals and asked First Choice to remove the protected health information from its website. ACH filed a breach notification report with OCR on April 11, 2014, stating that 400 individuals were affected; however, after further investigation, ACH filed a supplemental breach report stating that an additional 8,855 patients could have been affected.

According to OCR’s investigation, ACH never entered into a business associate agreement with the individual providing medical billing services to ACH, as required by the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, and failed to adopt any policy requiring business associate agreements until April 2014. 

“Although ACH had been in operation since 2005, it had not conducted a risk analysis or implemented security measures or any other written HIPAA policies or procedures before 2014. The HIPAA Rules require entities to perform an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of an entity’s electronic protected health information,” OCR officials stated in a press release.

In a statement, OCR Director Roger Severino said, “This case is especially troubling because the practice allowed the names and social security numbers of thousands of its patients to be exposed on the internet after it failed to follow basic security requirements under HIPAA.”

In addition to the monetary settlement, ACH will undertake a robust corrective action plan that includes the adoption of business associate agreements, a complete enterprise-wide risk analysis, and comprehensive policies and procedures to comply with the HIPAA Rules. 

In a separate case announced this week, OCR also fined a Colorado-based hospital, Pagosa Springs Medical Center, $111,400 to settle potential HIPAA violations after the hospital failed to terminate a former employee’s access to electronic protected health information (PHI).

Pagosa Springs Medical Center (PSMC) is a critical access hospital that, at the time of OCR’s investigation, provided more than 17,000 hospital and clinic visits annually and employs more than 175 individuals.

The settlement resolves a complaint alleging that a former PSMC employee continued to have remote access to PSMC’s web-based scheduling calendar, which contained patients’ electronic protected health information (ePHI), after separation of employment, according to OCR.

OCR’s investigation revealed that PSMC impermissibly disclosed the ePHI of 557 individuals to its former employee and to the web-based scheduling calendar vendor without a HIPAA-required business associate agreement in place.

The hospital also agreed to adopt a substantial corrective action plan as part of the settlement, and, as part of that plan, PSMC has agreed to update its security management and business associate agreement, policies and procedures, and train its workforce members regarding the same.

“It’s common sense that former employees should immediately lose access to protected patient information upon their separation from employment,” Severino said in a statement. “This case underscores the need for covered entities to always be aware of who has access to their ePHI and who doesn’t.”

Covered entities that do not have or follow procedures to terminate information access privileges upon employee separation risk a HIPAA enforcement action. Covered entities must also evaluate relationships with vendors to ensure that business associate agreements are in place with all business associates before disclosing protected health information. 

 


Eye Center in California Switches EHR Vendor Following Ransomware Incident

December 11, 2018
by Rajiv Leventhal, Managing Editor

Redwood Eye Center, an ophthalmology practice in Vallejo, Calif., has notified more than 16,000 patients that its EHR (electronic health record) hosting vendor experienced a ransomware attack in September.

In the notification to the impacted patients, the center’s officials explained that the third-party vendor that hosts and stores Redwood’s electronic patient records, Illinois-based IT Lighthouse, experienced a data security incident which affected records pertaining to Redwood patients. Officials also said that IT Lighthouse hired a computer forensics company to help it after the ransomware attack, and that Redwood worked with the vendor to restore access to its patient information.

Redwood’s investigation determined that the incident may have involved patient information, including patient names, addresses, dates of birth, health insurance information, and medical treatment information.

Notably, Redwood will be changing its EMR hosting vendor, according to its officials. Per the notice, “Redwood has taken affirmative steps to prevent a similar situation from arising in the future. These steps include changing medical records hosting vendors and enhancing the security of patient information.”

Ransomware attacks in the healthcare sector continue to be a problem, but at the same time, they have diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a recent report from cybersecurity firm Cryptonite.


Report: 30 Percent of Healthcare Databases Exposed Online

December 10, 2018
by Heather Landi, Associate Editor

Hackers are using the Dark Web to buy and sell personally identifiable information (PII) stolen from healthcare organizations, and exposed databases are a vulnerable attack surface for healthcare organizations, according to a new cybersecurity research report.

A research report from IntSights, “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry,” gives an account of how hackers are tracking down healthcare personally identifiable information (PII) data on the Dark Web and where in the attack surface healthcare organizations are most vulnerable.

The report explores a key area of the healthcare attack surface, which is often the easiest to avoid—exposed databases. It’s not only old or outdated databases that get breached, but also newly established platforms that are vulnerable due to misconfiguration and/or open access, the report authors note.

Healthcare organizations have been increasingly targeted by threat actors over the past few years and their most sought-after asset is their data. As healthcare organizations attempt to move data online and increase accessibility for authorized users, they’ve dramatically increased their attack surface, providing cybercriminals with new vectors to steal personally identifiable information (PII), according to the report. Yet, these organizations have not prioritized investments in cybersecurity tools or procedures.

Healthcare budgets are tight, the report authors note, and if there’s an opportunity to purchase a new MRI machine versus make a new IT or cybersecurity hire, the new MRI machine often wins out. Healthcare organizations need to carefully balance accessibility and protection.

In this report, cyber researchers set out to show that the healthcare industry as a whole is vulnerable, not due to a specific product or system, but due to lack of process, training and cybersecurity best practices. “While many other industries suffer from similar deficiencies, healthcare organizations are particularly at risk because of the sensitivity of PII and medical data,” the report states.

The researchers chose a couple of popular technologies for handling medical records, including known and widely used commercial databases, legacy services still in use today, and new sites or protocols that try to mitigate some of the vulnerabilities of past methods. The purpose of the research was to demonstrate that hackers can easily find access to sensitive data in each state: at rest, in transit or in use.

The researchers note that the tactics used were pretty simple: Google searches, reading technical documentation of the aforementioned technologies, subdomain enumeration, and some educated guessing about the combination of sites, systems and data. “All of the examples presented here were freely accessible, and required no intrusive methods to obtain. Simply knowing where to look (like the IP address, name or protocol of the service used) was often enough to access the data,” the report authors wrote.

The researchers spent 90 hours researching and evaluated 50 databases. Among the findings outlined in the report, 15 databases were found exposed, so the researchers estimate about 30 percent of databases are exposed. The researchers found 1.5 million patient records exposed, at a rate of about 16,687 medical records discovered per hour.

The estimated black-market price per medical record is $1 per record. The researchers concluded that hackers can find a large number of records in just a few hours of work, and this data can be used to make money in a variety of ways. If a hacker can find records at a rate of 16,687 per hour and works 40 hours a week, that hacker can make an annual salary of $33 million, according to the researchers.

“It’s also important to note that PII and medical data is harder to make money with compared to other data, like credit card info. Cybercriminals tend to be lazy, and it’s much quicker to try using a stolen credit card to make a fraudulent purchase than to buy PII data and run a phishing or extortion campaign. This may lessen the value of PII data in the eyes of some cybercriminals; however, PII data has a longer shelf-life and can be used for more sophisticated and more successful campaigns,” IntSights security researcher and report author Ariel Ainhoren wrote.

The researchers used an example of a hospital using an FTP server. “FTP is a very old and known way to share files across the Internet. It is also a scarcely protected protocol that has no encryption built in, and only asks you for a username and password combination, which can be brute forced or sniffed by network scanners very easily,” Ainhoren wrote. “Here we found a hospital in the U.S. that has its FTP server exposed. FTP’s usually hold records and backup data, and are kept open to enable backup to a remote site. It could be a neglected backup procedure left open by IT that the hospital doesn’t even know exists.”

According to the report, hackers have three main motivations for targeting healthcare organizations and medical data:

  • State-Sponsored APTs Targeting Critical Infrastructure: APTs are more sophisticated and are usually more difficult to stop. They will attempt to infiltrate a network to test tools and techniques to set the stage for a larger, future attack, or to obtain information on a specific individual’s medical condition.
  • Attackers Seeking Personal Data: Attackers seeking personal data can use it in multiple ways. They can create and sell PII lists, they can blackmail individuals or organizations in exchange for the data, or they can use it as a basis for further fraud, like phishing, Smishing, or scam calls.
  • Attackers Taking Control of Medical Devices for Ransom: Attackers targeting vulnerable infrastructure won’t usually target healthcare databases, but will target medical IT equipment and infrastructure to spread malware that exploits specific vulnerabilities and demands a ransom to release the infected devices. Since medical devices tend to be updated infrequently (or not at all), this provides a relatively easy target for hackers to take control.

The report also offers a few general best practices for evaluating if a healthcare organization’s data is exposed and/or at risk:

  • Use Multi-Factor Authentication for Web Applications: If you’re using a system that only needs a username and password to login, you’re making it significantly easier to access. Make sure you have MFA setup to reduce unauthorized access.
  • Tighter Access Control to Resources: Limit the number of credentials to each party accessing the database. Additionally, limit specific parties’ access to only the information they need. This will minimize your chance of being exploited through a 3rd party, and if you are, will limit the damage of that breach.
  • Monitor for Big or Unusual Database Reads: These may be an indication that a hacker or unauthorized party is stealing information. It’s a good idea to setup limits on database reads and make sure requests for big database reads involve some sort of manual review or confirmation.
  • Limit Database Access to Specific IP Ranges: Mapping out the organizations that need access to your data is not an easy task. But it will give you tighter control on who’s accessing your data and enable you to track and identify anomalous activity. You can even tie specific credentials to specific IP ranges to further limit access and track strange behavior more closely.
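
One way to apply the last two recommendations to a database audit log, as an added example that is not taken from the IntSights report or this article: it flags reads over a per-query limit or an hourly budget, credentials used from outside their assigned IP range, and credentials nobody has on record. The credential names, limits, log format and log lines are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical policy: each credential is tied to the IP ranges of the party
# that owns it, with a per-query row limit and an hourly row budget.
POLICY = {
    "clinic_app":     {"ranges": ["10.20.0.0/16"],   "per_query": 200, "per_hour": 5_000},
    "billing_vendor": {"ranges": ["203.0.113.0/28"], "per_query": 500, "per_hour": 2_000},
}

# Constructed sample audit log: timestamp, credential, source IP, rows returned.
SAMPLE_LOG = """\
ts,credential,src_ip,rows
2018-12-10T09:00:01Z,clinic_app,10.20.3.7,12
2018-12-10T09:02:40Z,billing_vendor,203.0.113.5,480
2018-12-10T09:05:13Z,billing_vendor,198.51.100.23,40
2018-12-10T09:10:00Z,clinic_app,10.20.3.7,15000
2018-12-10T09:20:11Z,billing_vendor,203.0.113.5,490
2018-12-10T09:31:52Z,billing_vendor,203.0.113.5,495
2018-12-10T09:44:09Z,billing_vendor,203.0.113.5,499
2018-12-10T09:58:30Z,billing_vendor,203.0.113.5,470
2018-12-10T10:03:00Z,old_ftp_backup,192.0.2.44,300
"""


def review(log_text, policy=POLICY):
    """Return (timestamp, credential, reason) tuples that need manual review."""
    findings = []
    hourly = defaultdict(int)  # (credential, "YYYY-MM-DDTHH") -> rows read so far

    for rec in csv.DictReader(io.StringIO(log_text)):
        ts, cred = rec["ts"], rec["credential"]

        rule = policy.get(cred)
        if rule is None:
            # A credential no one has mapped to an owner, e.g. a forgotten backup job.
            findings.append((ts, cred, "unknown_credential"))
            continue

        try:
            src = ip_address(rec["src_ip"])
            rows = int(rec["rows"])
        except (ValueError, TypeError):
            # Unparseable records are surfaced rather than silently skipped.
            findings.append((ts, cred, "malformed_record"))
            continue

        # Credential used from outside the IP ranges assigned to its owner.
        if not any(src in ip_network(r) for r in rule["ranges"]):
            findings.append((ts, cred, "source_ip_outside_range"))

        # A single big read.
        if rows > rule["per_query"]:
            findings.append((ts, cred, "per_query_limit"))

        # Many reads that each stay under the per-query limit but add up.
        # Reported once per hour, at the read that crosses the budget.
        bucket = (cred, ts[:13])
        before = hourly[bucket]
        hourly[bucket] = before + rows
        if before <= rule["per_hour"] < hourly[bucket]:
            findings.append((ts, cred, "hourly_budget"))

    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="  ")
```

The hourly budget matters because a party that keeps every query just under the per-query limit, as `billing_vendor` does in the sample, would otherwise never be flagged.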

 
