    Matthew Gardiner is a Director of Enterprise Security Campaigns at Mimecast and is currently focused on email security, phishing, malware and cloud security. With more than 15 years focused in security, Matthew’s expertise in various roles includes threat detection & response, network monitoring, SIEM, endpoint threat detection, threat intelligence, identity & access management, Web access management, identity federation, cloud security, and IT compliance at RSA, Netegrity, and CA Technologies. Previously he was President and a member of the board of trustees of the security industry non-profit, the Kantara Initiative. Matthew has a BS in Electrical Engineering from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management.

See where healthcare cybersecurity is falling short.

Any regular reader of our blog site has likely come across my quarterly Email Security Risk Assessment (ESRA) blogs that summarise and draw conclusions from aggregated test results we’ve accumulated.

Up until now, however, I have not analysed the test results from the point of view of any particular industry. There is, though, evidence that the global healthcare sector is increasingly under cyberattack, as described in our recent blog, Cybercriminals Love Healthcare. In Australia, recent victims of data breaches include Victoria’s Emergency Services, Melbourne’s Cabrini Hospital and HealthEngine.

In early 2019 I pulled the ESRA tests of healthcare organisations, comparing those results to the entire set of ESRA data – and what do you think I found? Are healthcare organisations better or worse protected from email-borne threats when compared with a large cross section of other industries? Read on to find out!

How does the ESRA work?

In an ESRA test, the Mimecast service reinspects a participating organisation’s emails that were deemed safe by their incumbent email security system. This is based on actual inbound email traffic into that organisation, not on crafted or test email. It doesn’t get much more ‘real’ than that! We run this test over a period of time, usually between a week and a month at each participating organisation.

A Mimecast ESRA test passively inspects and records the results of real emails that have already been delivered to an organisation’s employees and determines whether they are legitimate or unwanted (spam, phishing, impersonations, or emails containing malware). In security terms, an ESRA test is a false negative hunting initiative: the Mimecast email security service inspects delivered emails looking for the unwanted ones that passed through the organisation’s existing email security net and landed in its mailboxes. The report from March 2019, for example, can be found here.

But what wasn’t in the December 2018 report, or any other, is a cut of the data specifically pulled from tests run at healthcare organisations. Here’s what I found when I pulled that data:

| Categories of Emails Passed Through the Incumbent Email Security System | Healthcare ESRAs | All ESRAs |
|---|---|---|
| Total # of emails inspected | 2.2M (1.2% of the total) | 181.9M |
| Total # of unwanted emails (false negatives) | 352K (16.2% of 2.2M) | 21.3M (11.7% of 181.9M) |
| Total # of emails with malware | 580 (1 in every 3,741 emails contains malware) | 34K (1 in every 5,350 emails contains malware) |
| Total # of emails flagged as impersonations | 6,206 (1 in every 350 emails is an impersonation) | 42.4K (1 in every 4,290 emails is an impersonation) |
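As an added illustration (my own code, not Mimecast’s ESRA tooling), the following shows how an ESRA-style false negative tally is built from messages the incumbent gateway already delivered, reproducing the rows of the table above for one industry cohort against the whole pool. The org and industry names, the `_msgs` helper and the verdict labels are constructed assumptions.

```python
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Re-inspection verdicts that count as unwanted. Every record below is a message
# the incumbent gateway had already passed as safe, so any of these verdicts is a
# false negative of that gateway (the ESRA definition of "unwanted").
UNWANTED = {"spam", "phishing", "impersonation", "malware"}

Record = Tuple[str, str, str]  # (organisation, industry, re-inspection verdict)


def _msgs(org: str, industry: str, **verdicts: int) -> List[Record]:
    """Expand per-verdict counts into one record per delivered message."""
    return [(org, industry, v) for v, n in verdicts.items() for _ in range(n)]


# Constructed sample log: one healthcare org and one finance org, all delivered.
SAMPLE: List[Record] = (
    _msgs("hospital-a", "healthcare", clean=15, spam=2, phishing=1,
          impersonation=1, malware=1)
    + _msgs("bank-b", "finance", clean=18, spam=1, impersonation=1)
)


def summarise(records: List[Record], industry: Optional[str] = None) -> Dict:
    """Aggregate ESRA-style results for one industry, or the whole pool if None.

    Returns the same quantities the report table presents: emails inspected,
    unwanted (false negatives) with their rate, and malware / impersonation
    counts expressed as "1 in every N emails".
    """
    counts = Counter(v for _, ind, v in records
                     if industry is None or ind == industry)
    total = sum(counts.values())
    unwanted = sum(n for v, n in counts.items() if v in UNWANTED)

    def one_in(n: int) -> Optional[int]:
        # "1 in every N emails"; undefined when the category never occurred
        return round(total / n) if n else None

    return {
        "inspected": total,
        "unwanted": unwanted,
        "false_negative_rate": unwanted / total if total else 0.0,
        "malware": counts["malware"],
        "malware_one_in": one_in(counts["malware"]),
        "impersonation": counts["impersonation"],
        "impersonation_one_in": one_in(counts["impersonation"]),
    }


def fn_rate_gap(records: List[Record], industry: str) -> float:
    """How far a cohort's false negative rate sits above (or below) the pool's."""
    return (summarise(records, industry)["false_negative_rate"]
            - summarise(records)["false_negative_rate"])
```

Running `summarise(SAMPLE, "healthcare")` against `summarise(SAMPLE)` gives the cohort-versus-pool comparison the post draws from the real data.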

What do the results say about healthcare cybersecurity?

Are healthcare organisations better or worse protected against email-borne threats than the rest of the tested organisations? Or are they perhaps attacked more than the average organisation, which would explain their higher false negative rate?

My sense, based on this testing and on an educated guess drawn from years of security experience, is that healthcare organisations are attacked via email no more and no less than other organisations, but that their email security defences, for whatever reason, lag behind the others – although an 11.7% false negative rate for the entire test pool is nothing to be proud of!

Here’s an action plan for healthcare security teams

If you have not conducted a serious review of your email-focused security controls in the last year or two, doing so should be a high priority! Both attackers and email security best practices have moved a long way in recent years – so it’s critical that defenders in healthcare do the same.