C.3 System security Flashcards
Select system security risks and mitigation strategies.
What significant change occurred in the Australian health sector’s cyber threat landscape in 2020?
68% increase in cyber security incident reports compared to 2019
This change was influenced by the COVID-19 pandemic and various operational pressures.
What are some reasons for the increase in cyber security incidents in the health sector?
Factors include:
* New targets from non-traditional entities
* Increased operational pressure on existing organizations
* Greater attack surfaces from remote work
* Malicious actors exploiting fear and uncertainty
Which sector reported the highest number of incidents to the ACSC in 2020?
The health sector
This sector is considered both valuable and vulnerable due to sensitive data and critical services.
What percentage of health sector incidents reported to the ACSC in 2020 involved compromised systems?
52%
This represents an 11% increase from 2019.
What is currently assessed as the most significant cybercrime threat to the Australian health sector?
Ransomware
This highlights the increasing risks faced by health organizations.
What was the average number of security breaches faced by companies in 2020?
22 security breaches
This statistic reflects the growing cyber threat landscape.
What percentage of cyber attacks are targeted at small businesses?
43%
This indicates that small businesses are particularly vulnerable to cyber threats.
How is human error associated with cybersecurity breaches?
Human error is associated with more than 95% of breaches
This emphasizes the importance of training and awareness.
What percentage of healthcare organizations globally have experienced data breaches?
Around 94%
This statistic underscores the critical cybersecurity challenges in healthcare.
What key roles are often lacking in healthcare organizations, contributing to data breaches?
Chief Information Officer and Chief Security Information Officer
Their absence can lead to increased vulnerability.
What are the ‘essential eight’ mitigation strategies for cybersecurity?
The strategies include:
* Application control
* Regular patching and updates
* Controlled macro settings
* Implementation of hardening guidance
* Restricted administrative privileges
* Prompt patching of internet-facing services
* Multi-factor authentication
* Regular backups
What is the purpose of the Security of Critical Infrastructure Act 2018?
To enhance cybersecurity across critical sectors, including health
The Act includes mandatory cyber incident reporting.
What challenges are highlighted from the AIDH’s 2018 cybersecurity survey?
Challenges include:
* Lack of responsibility awareness among staff
* Low knowledge of cybersecurity policies
* Use of unsupported systems
* Insufficient business continuity testing
* Limited cybersecurity budget
What are some emerging trends in cybersecurity risk within Australian healthcare?
Emerging trends include:
* Vulnerabilities in medical devices
* Data confidentiality and privacy concerns
* Risks associated with cloud computing
* Security issues with health apps
* Insider threats due to ignorance
True or False: The healthcare sector has high cybersecurity capability maturity.
False
The sector is recognized as having low cybersecurity capability maturity.
What is a significant driver for regulatory and policy oversight in healthcare cybersecurity?
Health information privacy and security concerns of patients/consumers
What does ISO 27799:2016 provide guidelines for?
Information security management in health using ISO/IEC 27002
It supplements ISO/IEC 27002 for managing health information security.
Fill in the blank: More than ____% of clinical staff knew their organization’s cybersecurity policies.
11
What is the average cost of a healthcare data breach compared to other industries?
65% higher
This statistic highlights the financial implications of cybersecurity incidents in healthcare.