- Preparing for potential healthcare endpoint attacks should be a top priority for covered entities, especially with a recent survey showing that organizations believe that an over-reliance on traditional endpoint security is leaving entities exposed.
Over half (54 percent) of 665 surveyed IT and security leaders said their company experienced a successful endpoint attack, according to a new study from Ponemon that was sponsored by Barkly.
Fileless attacks, which typically exploit malicious code or launch scripts directly from memory, are also on the rise. Twenty-nine percent of respondents said the attacks they faced in 2017 were qualified as fileless attacks, which is an increase from the reported 20 percent the year before.
“Once an endpoint has been compromised, these attacks can also abuse legitimate system administration tools and processes to gain persistence, elevate privileges, and spread laterally across the network,” report authors explained.
Fileless attacks are also 10 times more likely to succeed than file-based attacks, the survey said. Of the 54 percent who said they experienced a successful attack, 77 percent said the attack utilized an exploit or fileless techniques.
It is increasingly expensive though to meet the ever-evolving threats, researchers found. Just one-third of respondents said they have adequate resources to effectively manage endpoint risk. Endpoint solutions not providing adequate protection was the biggest problem listed by respondents, followed by responding to high numbers of false positives and security alerts.
Companies lost an average of $5,010,600 in 2017 to endpoint attacks, averaging $301 per employee, the report showed. Healthcare endpoint attacks specifically cost the industry $1.3 billion.
Thirty percent of the total cost was due to IT and end user productivity loss ($1.5 million), 25 percent was attributed to system downtime ($1.25 million), and 23 percent was caused by theft of information assets ($1.15 million).
“The current endpoint security solutions organizations are deploying are ineffective at stopping today’s new and evolving attacks,” report authors explained. “In addition, implementation and management of these solutions is placing unjustified strain on organizations’ employees and resources.”
“As a result, many organizations are moving beyond their current antivirus solutions, but the majority are choosing to replace or supplement them with solutions that do not truly address their gaps in protection (e.g. other AVs or endpoint detection and response solutions that mitigate attacks after damage is done).”
Antivirus solutions may also not be as effective against the current threats, the survey indicated. Less than one-third of respondents said they believe their antivirus can stop existing threats. One-third also stated they had replaced their AV with another vendor’s AV or a next-generation endpoint solution.
Approximately half of those surveyed (54 percent) reported that they believed the attacks they were seeing could actually be stopped.
Ransomware attacks are also a continuing issue, the report found. More than half of respondents said they experienced one or more ransomware attacks in 2017, with 40 percent of those organizations saying they experienced multiple ransomware attacks.
Furthermore, 65 percent of surveyed entities said they paid a ransom, with the average payment equaling $3,675.
“This survey reveals that ignoring the growing threat of fileless attacks could be costly for organizations.” Ponemon Institute Chairman and Founder Dr. Larry Ponemon said in a statement. “The cost of endpoint attacks in the companies represented in this study could be as much as $5 million, making an enterprise-wise endpoint security strategy more important than ever.”
While federal agencies and other key stakeholders repeatedly advise against organizations paying a ransom demand, another recent survey showed that there are still entities that will pay.
Twenty-six percent of UK and US healthcare IT professionals said that their organization would pay a ransom demand, an Infoblox study found. Of those, 85 percent of UK respondents said there was a plan in place for this situation and 68 percent of US respondents said the same.
“The widespread disruption experienced by the NHS during the WannaCry outbreakdemonstrated the severe impact to health services that can be caused by a cyberattack,” Infoblox Western Europe Director Rob Bolton said in a statement. “It's crucial that healthcare IT professionals plan strategically about how they can manage risk within their organization and respond to active threats to ensure the security and safety of patients and their data."