According to researchers at Mandiant, now a unit of FireEye, an attacker was able to leverage the Heartbleed vulnerability against a customers’ VPN appliance and hijacked multiple active user sessions.
Trying to defend against modern, advanced attacks with one-off point solutions is like playing a whack-a-mole game, always one step behind the attacker and trying to play catch up with the alerts as they’re received.
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
By properly segregating the network, you are essentially minimizing the level of access to sensitive information for those applications, servers, and people who don’t need it, while enabling access for those that do.
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
The energy sector requires an approach to cybersecurity that doesn’t rely exclusively on air gaps or point-in-time detection tools but addresses the full attack continuum – before, during, and after an attack.