INTELLIGENT VERTICAL: HEALTHCARE
be critical in detecting a potential issue
quicker, and taking action (for example
alerting a nearby nurse) without the need for
caregivers to be everywhere at once. to all of the same devices. In healthcare,
this could mean that all door locks, or heart
monitors that have their set roles, can have
unique credentials.
Clearly, this use case is integral to safe and
efficient running of healthcare institutions,
and it also fits into part of the IoT puzzle
within healthcare, helping those running
the institutions to better make use of the
equipment they already have. For employees, having the correct login
credentials based on their roles can access
certain applications depending on the
context of their location, device type and
organisational governance. This allows
security teams to use these parameters
to set policies so that when they change
a number of actions can be performed;
ranging from multi-factor authentication
to a security software update or perhaps
quarantine for further inspection.
Step three: Use AI-enable
intelligence to monitor change
By bringing devices together in a single
management platform on the network,
security staff are better able to take a holistic
view of all equipment and begin to build
smarter security policies. The unfortunate
truth is that, no matter how much planning
and patience is put into securing a network,
threats will find their way in.
Step six: People are usually the
weakest link in security
Gamal Emara, Country Manager, UAE
at Aruba
Thankfully, for organisations that want to
combat this to their utmost ability, AI-
based Machine Learning is becoming more
sophisticated in helping to identify early
and mid-threat scenarios. Sophisticated
cyberattacks manifest themselves slowly over
several months through leveraging analytics,
this technology can spot changes in
behaviour that often indicate that the profile
of a user’s device is not conforming to usual
patterns. In fact, a recent report showed that
two thirds of breaches were perpetrated by
insider actors, and not internal forces. The challenge with this, is that historically
some of these features were not embedded
as standard, but charged as optional extras.
Therefore devices and applications were
able to bypass flaws in the network design,
creating exposure to risk. Today, there are
far more robust security features that are
deeply embedded into the wireless and
wired network allowing security teams to
build around this in a world where the attack
surface has grown exponentially due to
mobility and IoT. This requires an inside out
view of the security strategy.
The combination of integrating a powerful
access control solution, along with AI, allows
suspicious devices or actors to be temporarily
quarantined to support security teams to
focus their precious time on analysing only
the most pertinent anomalies. The savings
associated with this model is allowing IT
teams to rebalance their workload to a more
proactive security posture. Step five: Don’t just use
default settings
Step four: Shape the network around
better security
With the global rise of cyberattacks, there
can no longer be a disconnect between
network and security teams. Primary security
elements must now be embedded into the
network to allow more sophisticated security
policies to leverage the network to gate or
grant access to bandwidth.
98
INTELLIGENTCIO
Regardless of the technology in place, or
the permission set into practice, individuals
using and accessing devices remain
critically important to educate, inform and
monitor. Traditionally, unsafe practices are
usually a result of a poor understanding
and therefore, it’s key to regularly
review and recertify all staff members to
understand the protocols in place to keep
the organisation safe.
By creating a set of processes and practices
with password hygiene and prompts,
employees can do their bit in ensuring the
network remains safe. Password prompts
that are unique to the individual is key to
building a strong protective perimeter with
everyone owning, and protecting their own
credentials, and ultimately the network.
Step 7: Reassess and revise
It’s surprising to find the frequency
of breaches that occur as a result of
not changing default credentials and
passwords. The fact is, most IoT-related
breaches to date were as a result of
organisations failing to update these details
and have suffered as a result.
Vendors are now getting wise to this and have
started offering more unique options than the
standard ‘admin’ and ‘password’ defaults.
However, this does not require unique
credentials for every connected device.
Instead, role-based credentials that adhere
to security recommendations for character
length and combinations can be supplied
No matter how much effort is put into
securing the network, the work is never
complete. Instead, organisations should
always look to evolve as new technology and
recommendations become available.
This shouldn’t mean that everyone has
to become experts in security. Rather, it
would mean that organisations look at
their vendors and partners for what is new
and improving the industry. By taking all
these steps security isn’t guaranteed but
the healthcare organisation that takes its
security hygiene seriously will mitigate for
the majority of weak links whether that be
people, process or technology. n
www.intelligentcio.com