The uncertainty is palpable

On 29 March 2022, the Health Captains Club (HCC) invited guests to the Badischer Hof in Heidelberg. The association holds regular international discussions on topics relating to the medical and hospital sector. Topics included cyber security and attacks from cyberspace.

Who are the actors? What is the impact of attacks on critical hospital infrastructure and how can we protect ourselves? Our specialist Lukas Sökefeld took part in a lively and constructive discussion of these questions.

Who took part in the discussion?

The panel on this afternoon in Heidelberg: Miriam Schnürer from BSKI moderated a panel consisting of security consultant Christian Lange, Dr Arne Peine, Managing Director of Clinomic GmbH, and Lukas Sökefeld, cyber security expert at Concepture. One thing became clear right at the start of the round table: the threat situation in the cyber environment of healthcare has changed. And unfortunately not for the better. Attack vectors are becoming increasingly blurred and healthcare facilities and/or critical infrastructures are now being targeted by attackers.

Shocking figures

The audience is confronted with a shocking figure right at the beginning: since the start of the coronavirus pandemic, cyber attacks on utilities have increased by 300 per cent. The frequency and sophistication of attacks have demonstrably increased in recent years, as has the variety of both attacks and attackers. The single archetypal hacker no longer exists in this form. A distinction is now made according to the motivation of the perpetrators.

Perpetrators and motives sometimes differ

By now, the panel points out, there are three main categories of hackers.

  • Hackers / cyber criminals
    The ‘classic’ hacker, i.e. driven by criminal energy and monetary gain. Their motives are more or less clear from the description. This type of hacker is not new either.
  • State hackers
    The ‘state’ hacker. State hackers working for various regimes have become known to the general public in recent years. North Korea, China and Russia have repeatedly made a name for themselves in the recent past with attacks on public targets.
  • Ethically motivated hackers
    A relatively new type is the ‘ethically motivated’ hacker. This phenomenon has been on the rise since the start of the Russian war of aggression against Ukraine. These hackers act out of moral convictions and do not act to achieve financial gain for themselves.

Interest in hacker types two and three in particular is steadily increasing. In politically motivated armed conflicts, these hackers can add a new dimension to the conflict. The state hacker thus becomes a direct vicarious agent of political motives.

People are the ‘weak point’

Time and again, the weak point in any security architecture is the human being. Sometimes easier, sometimes more difficult. Nowadays, as the experts report this afternoon, there are very well-crafted phishing attacks. Gone are the days of dubious sender names and poor, clumsy translations, which a reasonably alert user would immediately recognise as spam and phishing. Today’s personal cyber traps no longer have much in common with them. These so-called spear phishing attacks are nothing new, and we have already covered this phenomenon in our publications.

These vulnerabilities can never and will never be permanently closed, but the risks can be minimised. The key to this is continuous and sensibly coordinated awareness training with employees.

Uncertainty among the audience

The latest recommendation from the German Federal Office for Information Security (BSI) to stop using the antivirus provider Kaspersky is raising a number of questions and creating a palpable sense of uncertainty in the auditorium. On 15 March, the BSI warned against using the Russian company’s software. According to the BSI: ‘The actions of military and/or intelligence forces in Russia and the threats made by Russia against the EU, NATO and the Federal Republic of Germany in the course of the current armed conflict are associated with a considerable risk of a successful IT attack. A Russian IT manufacturer can itself carry out offensive operations, be forced to attack target systems against its will, or itself be spied on as a victim of a cyber operation without its knowledge or be misused as a tool for attacks against its own customers’.

Which manufacturer can be trusted? Can it be ruled out that manufacturers from other countries may also experience these problems? This causes confusion and the desire for a clear recommendation for action is almost palpable at this moment.

The answer from the stage at this moment may be sobering: there is no blueprint for this – the selection of such a programme is still mainly a matter of trust. The way these programmes work and what they do cannot be changed if they are to fulfil their task. An antivirus programme must be deeply anchored in the system, monitor processes and have far-reaching powers within the system. The experts’ advice: Take a close look at the programmes. What is the situation in the home countries? Can the local laws create a situation like the one described above by the BSI?

Do not counteract measures

An exciting topic is also touched on in the discussion. Despite all caution and all measures, care should be taken to ensure that the security measures taken are not counteracted elsewhere by negligence or poor planning. To make the example a little more tangible: A perfectly protected network is unfortunately of no use if anyone can physically access all IT locations in the company building (e.g. the server room) without any problems. This is where the disciplines of security become blurred. Security must be viewed and planned holistically at this point – an old credo and a strength of Concepture.

Concerns about the political situation

Many of the listeners see themselves and their organisations, as part of the critical infrastructure, suddenly plunged into the bitter reality of war in Europe. What will happen if the war spreads? Won’t clinics and hospitals then also become targets of possible attacks from cyberspace? The bitter answer is: yes, they will, directly or indirectly. The experts agree that now more than ever, BSI basic protection must be the absolute minimum for protecting KRITIS hospitals.

The importance of emergency plans is also emphasised once again. Any security measure can fail, the attacker can discover and exploit a previously unknown attack vector – what then? In this case, an in-depth and detailed emergency plan can shorten downtimes, restore structure and maintain functionality or restore it more quickly with clear instructions. That’s why it’s so important.

Conclusion of the afternoon

So what to do now? What concrete proposals and suggestions are on the table? At this point, we will try to summarise the results of the discussion in a meaningful way.

  • Close the human ‘weak spot’ as much as possible. Recurring awareness measures and effective monitoring of their effectiveness are the key to this.
  • Think outside the box. Take a broader view of security and think about measures that may not have much in common at first glance.
  • Look for trustworthy partners for your cyber security and evaluate them constantly.
  • Develop an emergency plan and implement it. If an emergency plan is already in place, test it to a limited extent and improve it if necessary.

If you have not already done so, implement the BSI basic protection. It provides the essential foundation for all further and future measures to increase your security and resilience.

Miriam Strauß

Marketing & Communications
Miriam Strauß is engaged daily in the latest developments in AI and marketing and is responsible for communications at Concepture.
