The wave of attacks against hospitals reminds us that hackers are ruthless and determined. Facing them, IT teams struggle with resources constrained by budgetary restrictions. For some, the temptation to reduce protective barriers is strong. They lower their defense capabilities by entrusting their security to a single piece of equipment: the firewall. 100% of the sites attacked were equipped with firewalls, proving that they are insufficient.
The recent attacks on healthcare facilities are particularly shocking. Their success in several cases should make us reflect on the defenses that have been put in place.
Demanding institutions maintain robust protections. But in recent years, some hospitals have significantly lowered their level of defense. Budgetary decisions have led them to remove the number of protective barriers, entrusting all their security to a single piece of equipment: the Next Generation firewall. It has become their only defense.
However, the first principle of security is to set up several different barriers against attackers. By using a single technology to combat threats regardless of their origin, this principle is being violated. Firewalls have been used in an increasing number of IT security areas, providing the same response for servers, client workstations, internet access, email, etc. 100% of the establishments that were successfully attacked had these latest-generation firewalls, proving that they were not sufficient.
Alexandre Souillé, president of Olfeo, France's leading web security company, explains: "Demanding organizations put up several consecutive barriers against cybercriminals. Conversely, we have seen a shift toward an "all-firewall" approach in recent years. This is quite disappointing: who would think of putting the same lock on their door four times? Three separate protection systems from different technologies and brands will be more effective. We need to go back to basics and follow the recommendations of the ANSSI."
Ransomware penetrates the targeted organization's IT system in a particularly vicious manner, using several channels, including email and the web, before infecting all servers. The combination of a firewall, proxy, and anti-spam software from different publishers offers the best possible protection. This is also recommendation No. 22 in the ANSSI security guide, which it would be wise to follow.
To make matters worse, with the consolidation of publishers, four firewall brands share the French market. Firewalls have thus become "consumer" products that can be freely acquired by hackers, who can test their attacks at leisure to see if they can get through this single barrier.
Healthcare institutions are therefore very unevenly equipped to deal with this wave of attacks, with some being much better prepared than others.
About Olfeo
Olfeo is the French leader in web security. For over 18 years, it has been supporting demanding companies in securing, analyzing, and optimizing their web traffic. Thanks to its in-depth knowledge of the needs of French organizations, it has developed a disruptive web security gateway based on a global vision, not just a technological one. Olfeo covers advanced proxy, SSL decryption, web filtering, web antivirus, nomadism, public portal, DNS, cybersecurity training, and more, whether in SaaS or on-premise. www.olfeo.com
Press Contact:
Adeline Weugue
4, rue de Ventadour – 75001 Paris
01 84 16 91 58 / 06 38 79 46 96
aweugue@olfeo.com
