How to tackle cyberattacks and improve cybersecurity

 In Season 4, Episode 10 Decrypt , The Good Doctor, the IT specialist gets cornered when the hospital's systems got hacked. The claim was that some hackers had got into the system and encrypted all the files. So even a storage locker had to be broken into because the password didn't work.

Then the insurance company was called, because the hackers were demanding $2Million (₹15,13,86,680 ~ ₹15 Crores) , where the rep says that he will negotiate with the hackers, because they are amateurs.

The head of the hospital wasn't worried, till he finds out that the backups were also encrypted.

Then the saving grace is that one hard drive didn't get corrupted.

What this means, is that most files are locked with a key, which is with these hackers. Without access to these files, the systems relying on this data, won't work, patient files won't show.

Having been called to companies which got attacked by Ransomware, I can say that most of this can be avoided, if the right structure is put in place.

Today, cybersecurity is mainstream, far and away from the initial discussions we used to have to bring Ethical hacking conferences to life in 2012.

So in a nutshell, cybersecurity is about protecting your infrastructure from:

a) Leaking out data to the world

b) Protecting data from the world

My initial interactions with security solutions started with the first startup I worked with in 2003 in the mobile network space with RADIUS (Used a lot in today's VPNs like Cisco Anywhere) and DIAMETER solutions which focussed on AAA:

  1. Authentication: Authenticate the visitor
  2. Authorisation: Decide what authority the visitor gets, in terms of access control and which sections of your infrastructure they are allowed to access.
  3. Accounting: Create a complete audit trail of what the visitor is doing within the infrastructure. So CCTV footage can be considered as a form of accounting where it can be used to view what particular individuals are doing.
For preventing leaks, and getting a security standards like ISO 270001, it is important to get your platform looked into by a Ethical Hacker, a process known as penetration testing or vulnerability analysis. They run a series of tests to check for any open holes through which the hackers can get into the system.

Finally it's about your data and how well you protect it if it's sensitive information.
In case of transactions, it's important to have backups which are safely stored offline or in other more secure (cold wallet) areas.

--
Written on Phone

 

 

Comments

Popular Posts