UAE healthcare bodies can secure IoT infrastructure in 7 steps
Internet of things devices may offer extraordinary benefits to healthcare organisations in the UAE. From improving patient outcomes, staff effectiveness and operational cost savings, it could also bring with them new security risks.
Any type of connected device is a potential risk, even wireless lightbulbs, so it’s imperative that healthcare institutions do everything they can to stem the flow of malicious attackers. This calls for a multi-layered security approach to mitigate these threats.
Know your network, inside and out:
To secure the network that your IoT infrastructure connects into, it’s important to know exactly what’s running on it. As more employees and users become more network savvy, it’s hard to keep track of what is being connected to the network because it’s no longer just IT professionals who are making the connections.
To combat this threat, a modern network access control solution is a great starting place, with a roles-based management and network segmentation solution. These solutions will enable network and security managers to set policies around ‘things’ and devices, meaning that not just anyone can connect to the network. On top of this, it’s also possible to set permissions on what data and applications they can access, as well as setting rules to who can manage and maintain these networks and devices.
Users, devices and things have roles; know them:
It’s important to consider the myriad of devices that carry the ability to transmit data, locate them on the network, and consider how they could be used to create an integrated and innovative experience.
In healthcare, patient monitoring within a surgery ward could keep track of vital signs, such as heart rate, without physically attending the bedside. This ability could be critical in detecting a potential issue quicker, and taking action (for example, alerting a nearby nurse) without the need for caregivers to be everywhere at once.
Use AI-enabled intelligence to monitor change:
By bringing devices together in a single management platform on the network, security staff are better able to take a holistic view of all equipment, and begin to build smarter security policies.
The unfortunate truth is that, no matter how much planning and patience is put into securing a network, threats will find their way in.
Thankfully, for organisations that want to combat this to their utmost ability, AI-based machine learning is becoming more sophisticated in helping to identify earlyand mid-threat scenarios.
Sophisticated cyberattacks manifest themselves slowly over several months but through leveraging analytics, this technology can spot changes in behaviour that often indicate that the profile of a user’s device is not conforming to usual patterns. In fact, a recent report showed that two thirds of breaches were perpetrated by insider actors, and not internal forces.
Shape the network around better security:
With the global rise of cyberattacks, there can no longer be a disconnect between network and security teams. Primary security elements must now be embedded into the network to allow more sophisticated security policies to leverage the network to gate or grant access to bandwidth.
The challenge with this, is that historically some of these features were not embedded as standard, but charged as optional extras. Therefore devices and applications where able to bypass flaws in the network design, creating exposure to risk.
Don’t just use default settings:
It’s surprising to find the frequency of breaches that occur as a result of not changing default credentials and passwords. The fact is, most IoT-related breaches to date were as a result of organisations failing to update these details and have suffered as a result.
Vendors are now getting wise to this and have started offering more unique options than the standard ‘admin’ and ‘password’ defaults, which, surprisingly, is well-documented on the internet. However, this does not require unique credentials for every connected devices. Instead, role-based credentials that adhere to security recommendations for character length and combinations can be supplied to all of the same devices. In healthcare, this could mean that all door locks, or heart monitors that have their set roles, can have unique credentials.
People are usually the weakest link in security:
Regardless of the technology in place, or the permission set into practice, individuals using and accessing devices remain critically important to educate, inform and monitor. Traditionally, unsafe practices are usually a result of a poor understanding and therefore, it’s key to regularly review and recertify all staff members to understand the protocols in place to keep the organisation safe.
By creating a set of processes and practices with password hygiene and prompts, employees can do their bit in ensuring the network remains safe. Password prompts that are unique to the individual is key to building a strong protective perimeter with everyone owning, and protecting their own credentials, and ultimately the network.
Reassess and revise:
No matter how much effort is put into securing the network, the work is never really complete. Instead, organisations should always look to evolve and improve their practices as new technology and recommendations become available. This shouldn’t mean that everyone has to become experts in security. Rather, it would mean that organisations look at their vendors and partners for what is new and improving the industry.
By taking all these steps security isn’t guaranteed but the healthcare entity that takes its security hygiene seriously will mitigate for the majority of weak links whether that be people, process or technology.
AI-based machine learning is becoming more sophisticated in helping to identify earlyand mid-threat scenarios