The rise in cyber attacks this year has forced many companies in critical sectors to make improvements to their cyber defenses in an effort to secure their networks from breaches.
These companies are increasing their investments in cyber security and seeking to hire more cyber professionals – a task that is proving challenging amid a shortage of cyber workers across industries.
The Hill spoke to several security experts and industry leaders in the financial, healthcare and energy sectors to gauge how these vital industries are striving to keep their networks secure amid the growing number of cyberattacks.
In the healthcare sector, which has seen a rise in ransomware this year targeting hospitals and other healthcare facilities, Christopher Plummer, chief cybersecurity engineer at Dartmouth Health, said having a cybersecurity program is critical for hospitals, as they hold sensitive information — including Including patient data.
But he estimated that only about 10 to 20 percent of the country’s hospitals have a dedicated cybersecurity program.
A recent report from Kroll, an investigation and risk advisory firm, found a 90 percent increase in the number of attacks against healthcare organizations in the second quarter of this year compared to the first.
With the increase in cyber attacks, the sector has had to increase its resources to fund cyber security programs and hire more cyber specialists to work on securing its networks and systems from attacks.
“I think many HDOs [health delivery organizations] I don’t know exactly where they are supposed to be in terms of human resources when it comes to cybersecurity – they just know they need people,” Plummer said.
Plummer said the pandemic has put pressure on a sector that was “already in a very difficult position in terms of security resources.”
escalation of attacks It also prompted lawmakers to urge the Biden administration To strengthen the federal government’s cyber defenses in the sector.
in a letter Addressed to the Department of Health and Human ServicesSenator Angus King (I-Maine) and Representative Mike Gallagher (R-W) last month urged the agency to better protect the healthcare and public health sector from the growing number of cyber threats.
Ransomware attacks on [health care and public health] “The sector has skyrocketed in the past two years as opportunistic criminals realize that hospitals may pay quickly to solve problems and protect patient safety,” the lawmakers said in the letter.
“However, we remain concerned about the lack of robust and timely sharing of actionable threat information with industry partners and the need to significantly increase management capabilities and resources. With cyber threats growing exponentially, we must prioritize addressing cybersecurity vulnerabilities for the HPH sector.” ”
In comparison, the financial industry has traditionally been ahead of other sectors when it comes to having a robust cybersecurity regime.
“Because financial services depend on customer trust in their business and have long been highly regulated, the sector is more mature than many others in terms of cybersecurity and preparedness,” said Theresa Walsh, global head of intelligence for financial services information sharing. and analysis center.
But the industry has also recently faced a wave of cyber attacks: in particular, the cryptocurrency sector has been a high-profile target this year as hackers have found ways to steal millions of dollars in virtual currencies.
Over the summer, two crypto companies said hackers stole more than $100 million in cryptocurrency. The companies said at the time that they partnered with law enforcement to try to track down hackers and recover stolen funds.
The agency said Tornado Cash had allowed cyber groups, including North Korean-backed hackers, to use its platform to launder cybercrime proceeds.
Amid such attacks, David Rock, senior vice president at USI Insurance Services, an insurance brokerage and advisory firm, said he’s seen “clients putting higher money into security.”
Roque added that financial services, particularly those in the crypto sector, are also looking to purchase cyber insurance to cover costs associated with data breaches and other types of cyber attacks.
“There has been a great deal of interest on the part of a lot of our customers when it comes to cyber responsibility,” said Rocky, adding that many of his clients in the crypto sector are not included.
Walsh said more resources are also being invested in the industry in business continuity, disaster recovery and other resilience practices.
“As in many industries, thinking has broadened from a primary focus on cyber security and defense to include a strategic focus on cyber resilience or ensuring continuity of operations even in the face of an attack,” Walsh said.
According to a 2020 Deloitte studyFinancial Services spent about 10 percent of its annual IT budget on cybersecurity, with that spending amounting to about $2,700 per full-time employee.
Walsh added that the financial industry, like many other sectors, is facing a shortage of cybersecurity talent. One way to close the talent gap, she said, is for companies to expand the pool of candidates they are considering. Rather than focusing solely on specific backgrounds and number of years of experience, she said employers should also consider more diverse, promising applicants for entry-level candidates.
Besides the financial and healthcare industries, the energy sector has also faced increasing cyber threats.
Last year, Colonial Pipeline was hit by a malfunctioning ransomware attack that forced it to stop operations for about a week. The accident caused gas shortages in several states with high fuel prices.
“This is a huge challenge around the world,” said Susan Lemieux, director of operations security and emergency response at American Petroleum Industry, referring to the rise in cyberattacks.
Lemieux added that the oil and gas industry has made significant investments to strengthen its cyber defenses in the wake of the colonial pipeline attack.
An investment has also been made in education as well as comprehensive training for online workers so that they can learn different skill sets, allowing them to be more flexible in the type of work they do.
Lemieux said that cross-training also helps with retention, which is helpful, especially in an industry with an internet labor shortage.
“In this market today, if you are not safe online, you will not be in the market for long,” Lemieux said.