As if the health care industry isn’t having enough security problems, is it also at risk for cyber terrorism?
The Ohio-based Times Reporter characterized the recent attacks on medical facilities as cyber terrorism. I’m not sure I’d go quite that far, yet. However, a Thycotic survey commissioned at RSA found that cyber terrorism is a growing concern among security professionals.
Thycotic asked the security professionals five questions regarding cyber terrorism and who is at risk of an attack. In response to the first question about whether a “catastrophic cyberattack” could hit the United States within a year, a whopping 63 percent said yes, it can – will? – happen. Getting more detailed, Nathan Wenzler wrote on the Thycotic blog:
Over two-thirds of respondents stated they did feel that terrorists were this close, and over 80 percent agreed they could strike within two years. A consensus like this is not unusual these days, as more and more terrorist organizations have demonstrated increasing sophistication in their use of technology to communicate, social media to recruit new members, and of course, technical exploits and direct attacks against websites, corporate networks and government entities.
Wenzler went on to say that neither government nor businesses are doing enough to mitigate that potential attack. In fact, as eWeek pointed out:
Additionally, 92 percent of respondents believe that a majority of U.S. companies either need more security or are way behind the security curve to defend against cyber-terrorism attacks.
Was that Ohio paper correct? Are we seeing glimpses of cyber terrorism now within the health care industry? Again, probably not, at least not by Wenzler’s description:
[C]yberterrorism is plotted in the shadows, and is seldom publicized due to either a lack of any entity wanting to take credit, or the need of the government or private organizations to keep any investigation related to terrorism quiet, typically under the auspice of a national security matter. It is this radio silence on the issue that helps keep the matter off the radar for most everyone and decreasing the sense of priority for protecting data and information assets from terrorist threats.
But that doesn’t mean we shouldn’t be alert to cyber terrorism, or that that the health care industry – or any industry, for that matter – won’t be the victim of such an attack in the near future. As Jonathan Cogley, founder and CTO at Thycotic, said in a formal statement:
Some may say the whole discussion surrounding the threats associated with cyberterrorism is hyped; however, our findings show that 72 percent actually feel that the topic isn’t hyped enough and that more needs to be done to protect companies and country as a whole from these types of vulnerabilities. Reexamining the type of security technology used to protect both the U.S. government and private sectors is essential to keeping our country safe.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba