Validation of the Need
66% of InfoSec professionals admit employees are the weakest link.
Source: Managing Insider Risk through Training and Culture. Ponemon Institute, 2016

The average cost of a data breach in 2016 was $4 million.
Source: 2016 Cost of Data Breach Study: Global Analysis, Ponemon Institute

technologies are doing such a good job that the bad
actors are finding it hard to penetrate networks.”
Even though technology is largely successful in defending
against this type of crime, phishers understand that
employees represent the path of least resistance. It is
simply the easiest way to get in. Compromised
credentials or information can be sent to employees,
which allows scammers to essentially open the door to
a healthcare organization’s most sensitive data. Conrad
explains, “This is what happens with phishing
campaigns—you have Fort Knox built and then
someone opens a back door and says, ‘come on in.’”
To make matters worse, only the best emails will
make it through the system, making it increasingly
difficult for even the most vigilant of employees to
protect themselves and the organization.
Typically, the goal of a phisher is to gain access to
intellectual property and competitive information,
but that is not always the case when phishers are
trying to penetrate a healthcare organization. So,
what is to gain? Healthcare information is difficult
for phishers to monetize, but the current approach
focuses less on information and more on ransomware,
forcing the organization to pay or face the consequences.

88% of employees lack the awareness needed to prevent common cyber incidents.
Source: 2016 State of Privacy and Security Awareness Report, MediaPro

Physicians and their office
staff are key targets for
ransomware and phishing attacks.
Conrad explains, “They work in a
fast-paced environment that values
patient satisfaction. Because of
this, they may look to respond
quickly to a phishing email attempt
and miss the warning signs. A
hasty decision, made with good
intentions, can easily lead to very
severe consequences.”
According to the Ponemon Institute’s 2017 Cost of
Cyber Crime Study, ransomware attacks have doubled
in frequency from 13% in 2016 to 27% in 2017 across
multiple industries (Richards, LaSalle, and van den
Dool, 2017).