Preparing for cyberattacks: building a resilient infrastructure

David Ting
Jul 26, 2017

As has been evidenced over the past two months, with global ransomware attacks WannaCry and Petya, cyberattacks are a part of the new reality. As the healthcare industry moves away from paper and towards an increasingly digitized environment, the risk of cyberattacks also begins to increase.

Putting technology in place to help combat phishing attacks is a great start, and is definitely part of ensuring a holistic cybersecurity strategy for your healthcare organization. But all the technology in the world probably won’t be enough – you also have to try to solve for human nature and behavior, and for the possibility that someone may still click on a bad phishing link. What happens when – not if – that happens? You should put up defenses to prevent cyberattacks, but assume that, eventually, something will get through – and you should prepare for it.

The best way to combat cyberattacks is to build cyber resilience, which relies on far more than just securing the perimeter. An emphasis on resiliency in healthcare will help organizations to continue to operate and provide care despite increasing threats of attacks.

 

Building resilience with compartmentalization

When it comes to building cyber resiliency in healthcare, the best defense truly is a good offense – being proactive, rather than reactive, will present a strategic advantage and ultimately help to contain any potential damage.

One way to be proactive in healthcare and build a resilient infrastructure is to compartmentalize – how can you secure your organization so that, should you be impacted by a cyberattack, you are prepared and can quickly bounce back?

 

Avoiding an iceberg

For centuries, boats and ships have been built with bulkheads – upright walls within the body of a ship. Those bulkheads help to fortify the structure of the ship, but also create watertight compartments that can prevent the spread of water in case of a leak. By containing a leak to just one area, a ship can continue on with little-to-no problem. Without bulkheads, though, the likelihood of an entire ship taking on water and sinking would increase drastically.

As part of a ship’s infrastructure, bulkheads help build resilience. Should a ship hit an iceberg – despite all training to avoid them – only that singular part of the ship, if punctured, will take on water. Bulkheads, and their ability to create compartments within the body of a ship, keep the rest of the ship afloat.

Think of a cyberattack like an iceberg, and your organization like a ship. Just like crews can be trained to spot and navigate around icebergs, your end users can be taught how to avoid phishing attacks and malware. And just like the hull of a ship can be strong and well-constructed, you can work hard to secure the perimeter of your organization.

But ships still hit icebergs, and someone will, very likely, still click on a bad link. Bulkheads are proactively constructed to keep a ship safe – but what can you do if and when you hit a “cyber iceberg?”

 

Prepare for an iceberg – and be ready if you hit one

Implementing virtual desktop infrastructure (VDI) can help increase cyber resiliency, eliminate antiquated desktops, and create virtual compartments, or bulkheads, that are capable of containment. With VDI, data, applications, and operating systems don’t live on the endpoints – they all run on a centrally managed server. This helps bolster security and recovery, especially when threats are most often the result of human nature and behavior.

If you hit a “cyber iceberg,” a compromised or infected virtual machine can be quickly quarantined, terminated, and restarted from a golden image. This limits the potential consequential damage of a rogue machine propagating copies of itself. The ability for users to access clean instances each time helps build resiliency and the ability to continue running the business even when one or more machines are compromised.

With virtual compartments created with VDI, user data can be separated from the operating system used to deliver the computing environment. Keeping these separate and, preferably, with different admin privilege levels, limits the extent of damage that malware can inflict, both on one machine and on others. Without VDI, the work and processes needed to cleanse and re-launch an infected desktop could take hours or days – and not being able to contain the damage means your entire ship could sink. VDI helps to create a resilient infrastructure that allows your organization to be prepared, contain the damage, and stay in business. That is the ultimate goal these days – keeping the desktops on.

The adoption of VDI in healthcare has been steadily increasing – and for good reason. With VDI, organizations break the dependence on physical desktops and workstations, and can ensure that systems can get back up and running quickly in the event that they hit a “cyber iceberg.”