Reduction of cyberattack surface for healthcare organizations with the help of identity segmentation
As we know that to deal with cyberattacks segmentation is the best possible way out but there are 2 types of segmentation and the question arises that which segmentation is better for healthcare organizations. So, identity segmentation is the best for the use and to keep data safe. How it going to be is discussed in this article in detail. Data breaches with a connection to compromised privilege credentials are on the rise nationwide and hold to plague groups in lots of crucial infrastructure sectors consisting of the healthcare industry. Meanwhile, 2022 Crowd Strike Global Threat Report notes attackers are an increasing number trying to perform their objectives of data breaches without writing malware to the endpoint. Instead, they’re ramping up innovation on how they use identities and stolen credentials to pass legacy defenses. 62 percent of attacks listed in the fourth sector of 2021 have been non-malware, hands-on-keyboard activity, in step with the report. Meanwhile, both healthcare organizations and their project network and application transportation are undergoing digital and modernization transformations. Like the government and private sectors, healthcare institutions’ infrastructure is a blend of on-premises and cloud — a hybrid model consisting of on-premises storage, servers, cloud workloads, software-as-a-service (SaaS) applications, and laptops and workstation desktops. Combined with a blast of end-users, applications, and devices that appear to always be in charge, the modern healthcare environment has introduced a much broader potential attack plane. Dropping that cyberattack surface that remains mission dangerous for cyber defenders.
Network segmentation v/s identity segmentation
Network segmentation has been around for decades and is taken into consideration as one of the central factors in the NIST SP 800-207 Zero Trust Framework. Network segmentation is an approach used to segregate and isolate segments in the enterprise network to lessen the attack surface. Though network segmentation reduces the attack surface, this approach does not protect in opposition to adversary techniques and tactics related to identity. The approach of segmentation that offers the most danger reduction, at a decreased fee and operational complexity, is identity segmentation. Identity segmentation restricts get admission to programs and sources primarily based totally on identities. These identities may be human accounts, carrier or programmatic accounts, and privileged
accounts. With extra than 80 percent of attacks leveraging consumer credentials, perimeter security needs to pass toward the consumer — the “last line of defense.” Identity protection is the maximum critical factor of a 0 trust safety framework, limiting the assault surfaces that may be exploited with the aid of using adversaries. Identity segmentation enforces danger-primarily based regulations to restrict resource access, primarily based totally on a team of workers’ identities.
Reducing cybersecurity challenges
A critical functionality of identity segmentation is the application of multi-factor authentication (MFA) to each application possible, even the ones that don’t generally lend themselves to the use of MFA. By segmenting give up-customers based on behavior, cyber leaders can virtually make cybersecurity much less burdensome for employees who want to get admission to the same programs commonly for the duration of the workday, which includes doctors and nurses. For example, docs and nurses need to now no longer must perform multi-factor authentication each time they get admission to the same asset. Instead, safety administrators can segment customers that are low-risk as opposed to those who want to get admission to higher-risk assets based on the gadgets used, their identity, and the application used. Using those sorts of behavioral insights, MFA may be carried out extra frequently to the end-users who’re demonstrating a higher danger, even as easing MFA challenges for giving up customers worried in the lower-danger workflow. The pleasant identity segmentation answer will now no longer deal with each user the identical.
Boosting the identity segmentation safety posture
Network segmentation is a critical piece of 0 trust safety. However, healthcare IT and safety groups can drastically lessen their organization’s hazardous publicity with the aid of using focusing on the maximum critical goal of hackers: a team of workers’ identities. By making use of identification segmentation and real-time detection and prevention of identity-related incidents, healthcare businesses can benefit from attack path visibility throughout their identity landscape. They can restrict the attack surface with the aid of using constantly assessing gaps in the identities of their hybrid IT environment. Cybersecurity packages are a really important part of the delivery of modern healthcare. The enterprise maintains to make first-rate strides on its journey toward digital health transformation. Unfortunately, this adventure has created unintentional consequences, such as the enlargement of the cyber assault floor. Adversaries have taken gain of these opportunities by maintaining healthcare structures hostage, deploying ransomware, and stealing data. Healthcare organizations should now take the extra modern step of transforming their cybersecurity programs.