No doubt, ransomware is a serious problem. Operators of critical infrastructure do well to keep their system infrastructure up to date to prevent it from being hijacked by ransomware, because the damage could be high, as we have seen when UK hospitals were hit by Locky and WannaCry ransomware.
I had the pleasure of listening to Francesco de Meo, CEO of Germany's biggest private healthcare and clinic enterprise, at the data debates event in Berlin. He pointed out that ransomware is one of the biggest security threats for hospitals and that IT security is highly aware of the need to protect against it.
For sure he is wrong. Ransomware is a big threat, but also easy to defend against. All you need is a properly implemented update process for your IT systems.
The biggest threat to hospitals is cyber weapons
In the past, hospitals have always been targets in warfare – irrespective of the Geneva Protocol or Hague Conventions. Even today we see hospitals hit in Syria by conventional weapons, with more than 1000 airstrikes on 117 hospitals in 2016.
But if hospitals are a target in conventional warfare, what does that mean for cyber war?
It's a serious consequence that they are priority targets for cyber weapons. As far as we know about cyber weapons, their attack vectors are highly sophisticated: they use zero-day exploits to intrude unnoticed by security guards, operate as sleeper agents waiting for remote commands, and cover the tracks of the attacker's origin.
So how can an ordinary hospital IT security infrastructure avoid becoming a target of cyber weapons?
Cyber commands worldwide are paying millions of dollars to acquire zero-day exploits from black hat hacker markets. Cyber weapon carriers will not disclose these exploits, as they are the "warheads" of cyber-attacks, providing a military advantage.
As long as governmental programs foster the non-disclosure of zero-day exploits, we are running into an insecure internet infrastructure. That's why the biggest threat for hospitals is not ransomware. It's military and intelligence attackers. No critical infrastructure can prevent being hit unless we define a worldwide proscription of cyber weapons.