Healthcare cloud security is increasingly critical for organizations as they continue to implement more options for data storage and backup. Employees must also be trained on the latest cybersecurity trends to properly mitigate potential threats.
Research shows that the risk of malware infiltrating the cloud and lagging employee training methods could lead to data security issues with the cloud.
Forty-five percent of organizations using public or hybrid cloud said their own employees were the biggest security risk, according to the 2018 Netwrix Cloud Security Report. Thirty-nine percent blamed their own IT staff for attacks, while 33 percent placed the blame on business users. One-third also reported that their cloud providers were at fault.
Netwrix interviewed 853 respondents in various industries and organizations for the survey.
The majority of respondents did not have full visibility into the activity in their IT infrastructures, with only 28 percent reporting complete visibility into the activity of IT staff.
The risk of unauthorized access (69 percent), the risk of malware infiltrations (50 percent) and the inability to monitor employee activity in the cloud (39 percent) were the top cloud security concerns, the report showed.
“Even if insiders are not malicious, they still can unwittingly help attackers get into the environment, whether due to a lack of knowledge about risks, negligence or mistakes,” Netwrix CEO and Co-Founder Michael Fimin said in a statement. “To address the human factor in all its forms, organizations need a complex approach that includes at least three components: employee training, top management support for security initiatives, and pervasive visibility into user activity to detect attacks and minimize the damage.”
Fifty-five percent of respondents said that employee training was the most urgent measure for strengthening cloud security, followed by enforcement of stricter security policies (53 percent) and deployment of vendor security solutions (39 percent).
Cloud security will also be essential in detecting certain cybersecurity threats, including malware.
A recent Bitglass and Cylance study found that 44 percent of organizations had some form of malware in at least one of their cloud applications.
Researchers scanned tens of millions of files and found a high rate of infection in cloud applications. The team also discovered a low efficacy rate for apps with built-in malware protection like Microsoft Office 365 and Google Drive.
One in three corporate instances of SaaS apps contained malware, the study showed. Microsoft OneDrive had the highest rate of infection at 55 percent, followed by Google Drive with a 43 percent infection rate.
“While malware is not a new threat, many companies fail to defend against its modern forms; relying solely upon endpoint or native cloud security is no longer adequate,” researchers explained in the report. “Organizations must now adopt cloud-first solutions that defend against known and unknown malware as they are uploaded to applications, downloaded to devices, and resting in the cloud.”
Healthcare organizations should not avoid cloud options solely because of data security concerns. HIPAA regulations now allow cloud service providers (CSPs) to be considered business associates, and covered entities can enter into a business associate agreement (BAA) to keep themselves and their data protected.
A business associate can be any organization that has more than just transient access to data, such as FedEx, UPS, or the US Postal Service, HealthITSecurity.com contributor Bill Kleyman explained in a 2017 article.
“An example of this kind of service would be Citrix ShareFile Cloud for Healthcare,” he wrote. “This kind of solution lets healthcare organizations collaborate with their data both on the premises and in the cloud.”
Conducting penetration and vulnerability tests will also be critical to fully take advantage of file sharing options while staying secure, Kleyman continued.
Employee training and a culture built around security awareness will further help close gaps in an organization’s security strategy.
“Help users understand the importance of security, how it helps protect your brand, and how it’s critical to help protect your patients,” Kleyman wrote. “A good training program won’t only help people become more aware of their security environments, it’ll help them think before they share or click on a file.”