Imagine your medical records ending up on the dark web, with someone threatening to use them against you. Among the biggest cybersecurity challenges of 2022 are remote work, attacks on cloud systems, phishing, and ransomware. How can organizations effectively face these risks?
We spoke with Roman Varga, Chief Security Officer at Dôvera Health Insurance and guest speaker at SECURITY NIGHT, which took place on October 20, 2022, in Košice.
The Growing Threat Landscape
Hackers are increasingly targeting specific organizations with sophisticated attacks. One of the most dangerous methods is hybrid phishing — combining email and voice communication to breach enterprise networks, spread ransomware, and carry out extortion.
Picture your health records published on the dark web, or urgent healthcare services suddenly unavailable due to a system outage. Imagine manipulated CT scans before critical surgery. In healthcare especially, sensitive data breaches can cause irreversible damage.
Preventing Data Loss Effectively
Data loss following a ransomware attack can be mitigated using technologies that ensure the immutability of backups. These WORM (Write Once, Read Many) solutions, whether software- or hardware-based, guarantee that backups cannot be overwritten. However, they don’t provide full protection against data leaks, downtime, extortion, or reputational damage — risks that no organization wants to experience.
Key Security Measures
- Endpoint protection with EDR (Endpoint Detection and Response)
- Inspection of encrypted email attachments before they are opened
- Continuous cybersecurity education for all employees and critical system vendors
- Simulation exercises — such as phishing campaigns and penetration tests — to identify weaknesses and focus improvements where they matter most
Hybrid Clouds and Vendor Risks
Many organizations work with multiple technology partners while running critical applications in hybrid clouds — which introduces new risks. One answer lies in creating a secure development environment with guaranteed sustainability and safe operations.
Risk assessments must also account for vendor lock-in and exit strategies for cloud services. While consolidating vendors and cloud infrastructure can strengthen security, it also brings new challenges that must be addressed. Compliance with legislative requirements and international standards is a crucial part of this equation.
The Human Factor — Still the Weakest Link
According to Stanford University research, employees are responsible for up to 88% of data breaches. Why are internal threats often more effective than external ones?
Employees may unknowingly execute malicious code on their workstation, opening the door for attackers to install malware. This can lead to a breach of IT infrastructure, data exfiltration, encryption, and subsequent extortion.
Such incidents occur most often in environments lacking tools for protection, detection, and response, or where basic principles of secure development, vulnerability management, and patching are not followed.
Where to Find Inspiration
“I’ll stay local,” says Varga. “My everyday inspiration comes from colleagues in Dôvera’s IT department — they combine perspective with deep expertise in cybersecurity. I’m also inspired by Slovak ethical hackers and their impactful work: Nethemba, Citadelo, ESET, and IstorSec. And of course, the National Cyber Security Centre SK-CERT, which provides a functional system for managing and preventing cybersecurity incidents.”
Published: 5. September 2022
Read also
Get first-hand technology news
Trends, practical inspiration and recommendations in your inbox