“Cyber threat intelligence sharing still holds the greatest potential to enhance situational awareness and improve organizational cyber preparedness.”
Few healthcare companies actually contribute to a healthcare cybersecurity threat intelligence sharing and analysis organization, according to a recent report, which shows there are gaps when it comes to collecting data and then learning from it.
The Health Information Trust Alliance (HITRUST) found that just 5 percent of healthcare organizations contributed Indicators of Compromise (IOCs) to the HITRUST Cyber Threat XChange (CTX). However, 85 percent of organizations gathered information from IOCs in that same timeframe, according to The Health Industry Cyber Threat Information Sharing and Analysis Report.
- Current requirements and guidance regarding the submission of IOCs to the HITRUST CTX is deficient and contributes to under-reporting or inconsistent reporting of IOCs
- Current level of IOC collection is not representative of the level of cyber threats being perpetrated against the healthcare industry – nor are complete and timely IOCs available through existing government and other readily available commercial cyber threat sources
It is also important to note that just 50 percent of the contributed IOCs in the sampling period were considered “actionable,” meaning they could potentially be “useful in allowing preventative or defensive action to be taken without a significant risk of a false positive.”
“Cyber threat intelligence sharing still holds the greatest potential to enhance situational awareness and improve organizational cyber preparedness,” HITRUST CEO Daniel Nutkis said in a statement. “Development of the IOC collection requirements and our deployment of breach detection systems are a big step forward in advancing industry’s cyber intel sharing capability.” For the full article click here
from cyber security caucus http://ift.tt/1SGT988
via IFTTT
No comments:
Post a Comment