What is Your Cyber Protection Game Plan?

Contributed by Black Talon Security

Ask most defensive coordinators in the NFL the question “What Wins Championships” and they’re likely to answer that a dominant defense always wins. Ask most offensive coordinators that same question and you’re likely to receive the opposite answer. If you ask most head coaches that very same question, most will tell you that a great offense and a great defense are both necessary to win. The head coach is ultimately responsible for the entire team and, while they may receive the most glory when their team wins, they also tend to bear the brunt of the blame when they lose. Most dental practices today have a “JV defense” in place with little to no offense. To win the battle against criminal opponents, you must have both a strong offense and defense in place.

As the owner (head coach) of your Endodontic practice, are you confident that you have effective offensive and defensive strategies in place to protect your practice from a possible cyberattack or ransomware event? If not, then it is time to draw up an actual game plan that will put you in the position to win the fight against criminal organizations. As the target on the back of dental practices grows larger and larger each year, changing your approach to how you are protecting your business must be one of your top priorities.

How To Begin Creating Your Game Plan?

Unlike head coaches for athletic teams, you don’t have the luxury of watching your opponent’s game tapes to learn what makes them successful and where they have weaknesses. If such a thing even existed, you would be forced to study the patterns and tactics of hundreds of adversaries. What you do have access to is cybersecurity companies that perform forensic investigations into attacks that have successfully targeted the dental community. These companies know how the criminals win and what their game plan is to beat their next opponent. Credentialed, certified cybersecurity experts are your cyber “offensive and defensive coordinators” who assist and work with your internal/external IT resources to strengthen your existing security posture. If you were to ask these “cyber coordinators” what an effective strategy is to beat your adversaries, they would tell you that both offensive and defensive game plans are required. Working with a good IT provider is important, but they are not cybersecurity experts and lack the tools and expertise to protect you from well-funded, highly sophisticated criminal hacking groups. Practices must have a clear distinction between IT and cybersecurity companies, so that there are effective checks and balances to mitigate cyber risk. This distinction has become the norm in the medical and financial industries and needs to become the standard in the dental community as well.

How To Build a Strong Offense

To win any game, you need a team of well-trained athletes. To win the cyber battle, you need a team of well-trained cyber defenders. The most common way that dental practices are hacked is by criminals targeting your team members. Spear phishing is just one method that hackers use to target you and your team members. These hackers are now utilizing Artificial Intelligence (AI) technology to assist them in their efforts, and detecting potentially malicious communications is becoming more and more difficult. Without proper cybersecurity awareness training, your team is almost defenseless against these criminals. Earlier this week, the FBI held a briefing with Black Talon Security, the ADA and AAOMS about an active, credible threat targeting oral surgery practices. This threat is a well-disguised spear phishing campaign designed to get staff members to click on a malicious link in what appear to be legitimate communications. Empowering your team and providing them with what they need to make “good decisions” is essential in any offensive strategy. Training, testing and ongoing simulated phishing campaigns are how you build a strong team of cyber defenders.

Another common way that dental practices are breached is by targeting your network vulnerabilities. Every device connected to a network within your organization is likely to have vulnerabilities present. These devices include firewalls, servers, workstations, printers, security cameras, phone systems and all IoT devices (smart TVs, music systems, etc.). Implementing an ongoing vulnerability scanning and remediation strategy is critical in protecting your business. Finding the “open doors and windows” on your network and closing them before the criminals find them is a critical part of an offensive strategy.

Penetration testing is another offensive strategy that should be used to test your network resiliency. Criminal hackers use this tactic every day to test dental practice defenses. You should engage with “white hat” hackers to test the systems that you have put in place. This is an important part of any cyber strategy. Use ethical human hackers (not just a piece of software) to test your systems to ensure that your network is secure.

A security risk assessment is another critical offensive strategy that should be performed by a credentialed security expert. A CISSP or HCISSP should be working with you and your IT resources to make sure that everyone within your organization understands what your entire attack surface is. Remote access, third-party access, backup solutions and policies and procedures as they relate to security, are just some examples of areas that should be addressed by a credentialed cybersecurity professional. This strategy will help your IT resources, office managers and entire team focus on the areas where there are possible weaknesses and address them before criminals can target those weaknesses.

Building A Stronger Defense

Anti-virus software has been an invaluable tool that has been used for decades, but it is no longer equipped to protect your organization from a modern-day cyberattack. Relying on decade-old technology to protect you from a modern-day problem is not an effective defensive strategy. Upgrading your technology and implementing Managed Detection & Response (MDR) into your organization is a critical step in building a strong defense. This technology uses AI to recognize the fingerprints of malicious code and unnatural movement inside of your network. A good MDR program can also quarantine a device that is being targeted and fight back and defeat the malicious code. MDR is an effective defensive strategy that should be relied on to win the battle if any part of your offensive strategy fails.

Not Having a Game Plan Can Be Extremely Costly

Protecting your Endodontic practice against a debilitating cyber event must be part of your game plan. These attacks continue to increase and the damage that they are inflicting against their victims is also growing at an alarming rate. The sophistication of the attacks that we’ve witnessed so far in 2024 has led to an increase in the amount of downtime for a practice. An Endodontic practice that has been a victim of a ransomware attack will be down for an average of 7-10 days. In addition to the complete loss of business continuity, organizations are also faced with ransom fees, network replacement costs, legal costs, cyber investigation — not to mention what it will do to your reputation. It’s important to note that almost every ransomware attack now involves the “theft of data” which could potentially lead to penalties related to compliance regulations and crippling class action lawsuits.

Make sure you have a game plan in place and build an effective strategy now so that you can continue to grow and thrive in 2024. Don’t let a cyber event destroy or delay everything that you have worked so hard to build!

View the FBI Internet Crime Report 2023 here.