Have you ever done something just because everyone else was doing it?
I’ve got to admit. I fall for this all the time (it’s simply human nature). When a friend of mine showed me his shiny Tesla, I thought to myself, “I wish I had one” (luckily in that case, my rational side came to conclude that I did not, in fact, need a Tesla right now.
Often in many healthcare offices that we work in, folks ask us about implementing the latest and greatest in cybersecurity technology because they heard a colleague talking about implementing it.
One of the things hospital systems that I’ve spoken with recently have been talking about their security automation to make day to day processes efficient. Why do security the old fashioned way when we can automate everything to ensure it all gets done?
One of the buzz terms floating around in IT security—especially as it pertains in hospital systems—is around the acronym SOAR. That’s short for Security Orchestration, Automation, and Response. Sounds like a good thing to have in place, right?
Today I want to briefly walk through the framework that SOAR lays out, but from the context of doing what fits your organization (not what security experts’ ideal implementation would be). Since security implementation and automation have assuredly helped our clients advance in not only keeping compliant but helped us focus our attention on biggest issues—long term and short term—in healthcare cybersecurity, I thought it a good point to help IT directors think about when planning for their IT Security systems going forward.
Here are a few steps for preparing for a SOAR-environment:
Get a good grip on your current security operations—with or without SOAR, your hospital needs to have a way of managing security incidents. Do you have something written in stone or will you have to improvise? The more you can know ahead of time, the more you’ll be prepared. The more process that leads you toward making sound decisions that focus on speedy recoveries from attacks and breaches, the easier it will be to survive an attack. Evaluate what you have in place already before taking a leap towards new products or investing in a SOAR framework.
Before investing in SOAR (or any other cybersecurity infrastructure or framework), take time to discuss with your stakeholders (heads of your departments) to understand their current processes and how implementation of your security measures may impact them.
Inventory the tools they use—both to get their work done and the tools you use to help keep data secure in their departments. Note: you may have specific security in place to protect very specific activities (for instance, maybe your billing department transfers a lot of information to third party vendors). Do they use any tools for data enrichment? Once you’re able to understand what tools you already have in place, you can map how you would respond to an incident response cycle (outlined in your security standards, for example NIST) and identify where your gaps are.
Take a look at your incident response process—your organization likely already has procedures on how to respond to a data breach or cyberattack (if not, ask us for a free ransomware vulnerability assessment for guidance]. How do you maintain compliance with HIPAA pressures? How does your team manage security incidents, such as malware and phishing events? Keeping an understanding of what you already have in place—and testing that process—will leave you at a much better point than if you had to scramble after an attack’s compromised your entire network.
Keep up on security metrics—do you have any metrics to give insight on your security? How many attempted attacks were made on your network? How many got through your firewall? How much suspicious activity is occurring on network? Where is it coming from? What alerts do you have in place to make sure machines are properly patched? If you have no formal metrics to report, consider asking one of our security experts for their assessment.
Figure out what is most important to your organization—SOAR frameworks can offer a variety of features, parameters and choices. The issue is identifying what’s important beyond the shiny new security framework. What is actually going to work for your hospital to keep incidents down and responses appropriate to the situation? What automation will make your life easier protecting your network? What are the pressing issues your security team is facing? Do you have recurring incidents or process bottlenecks? Figure out where your problems lie and how SOAR might be able to make your job easier to protect your network.
Sketch out your security playbook—get a sense of how you will use a security platform. Sketch out a playbook for an important use case before diving into investing in a framework for your entire hospital. Evaluate your current security processes and figure out how user experience and your team’s time would be best spent (sometimes, this might mean reevaluating products and services offered by 3rd party vendors).
Are you prepared for a cyber event?
Most rural hospital IT teams are simply inundated with work. IT demands are growing over time and security is not as big of a day to day problem—especially when it comes to helping a user get back to working or making sure that every single t is crossed from a security standpoint. The problem is that investing in security can payoff to assure you that your network won’t lead to any ‘what if’s’ later on.
Want a second opinion with your security or help constructing an approach to security to protect your users?
Contact Us TODAY for a free ransomware vulnerability assessment!
