Updated on: April 22, 2024
Pavlo Biloivan, PM and Information Security Manager at Gera-IT, joined Safety Detectives to discuss the most pressing cyber threats and gaps in cybersecurity awareness affecting the Digital Health software industry.
He also shared his tips to improve both business and individual threat protection from his experience of 200+ projects developed for clients worldwide.
Introduce yourself and your company to our audience
I’m Pavlo Biloivan, and I work as a PM and Information Security Manager at Gera-IT.
With a strong project management background, I ensure projects are delivered on time, within budget, and satisfy client needs. I also specialize in information security to protect systems and data from cyber threats and ensure compliance with regulations, prioritizing project success and security.
Gera-IT has been working hard to provide top-quality, safe, and creative software solutions to clients from various industries for 18 years. In the last 10, we have focused mainly on the Digital Health industry, and completed more than 200 projects for over 100 clients worldwide.
Keeping data safe and private is very important to us, so we assist our clients in ensuring that their software solutions comply with essential Security Regulations such as HIPAA, GDPR, PIPEDA, and HDPA.
What are the most challenging cybersecurity threats faced today by individuals in your industry?
Phishing and ransomware attacks are the most challenging cybersecurity threats faced in the software development industry, especially those working in Digital Health, like us at Gera-IT.
Phishing
Phishing tricks people into sharing sensitive information through seemingly harmless messages with malicious intent.
Selling confidential patient medical records (Protected Health Information or PHI) is highly profitable for hackers, even more than Personally Identifiable Information (PII) like credit card data. In fact, PHI records can sell for up to 50 times more than PII.
That’s because medical histories like diagnoses and prescriptions, cannot be changed as easily as a credit card, so cybercriminals can reuse them in several ways to defraud health companies, like insurance organizations, pharmacies, medical device providers etc.
Phishing is by far hackers’ favorite type of cyber attack to target healthcare providers, who are increasingly reliant on email communication to swiftly exchange medical and insurance records, and therefore particularly vulnerable to data breaches.
Ransomware
Ransomware directly targets and locks data until a ransom is paid, and Healthcare providers re a great target for ransomware groups, because they usually have the money to pay the ransom, and retrieving the stolen data can be a matter of life and death.
📈 According to a study by the cybersecurity firm Emsisoft, 46 hospital systems suffered ransomware attacks in 2023, up 84% from 2022.
These threats exploit human vulnerabilities and can disrupt projects, cause financial losses, and damage professional reputation and client trust. To combat them, Gera-IT prioritizes vigilance, security measures, awareness, regular audits, and a culture of cybersecurity responsibility.
How do people in your industry usually address these threats?
Addressing cybersecurity threats like phishing and ransomware requires a systematic approach. Traditionally, this involves deploying advanced security software solutions such as firewalls, antivirus programs, and email filters designed to detect and block malicious activity. In addition, regular security audits and vulnerability assessments are conducted to identify and address potential weaknesses in systems and networks.
However, while these technical guarantees are necessary, they may not be sufficient alone. The evolving nature of cyber threats requires an equally dynamic and adaptive approach.
At Gera-IT, we advocate and implement a more holistic strategy that not only includes technological security but also emphasizes the human element. We invest in ongoing education and training for our team and clients to ensure everyone knows the latest threats and understands cybersecurity best practices. This approach includes developing a culture of skepticism towards unwanted messages and understanding the importance of using secure passwords and the need for regular software updates. We are also distinguished by our active interaction with clients on cybersecurity issues.
We don’t just build secure software; we ensure our clients are equipped to maintain that security post-delivery.
This includes:
- offering tailored training sessions
- providing regular security updates
- being available for consultations on emerging cyber threats
Our support extends beyond mere transactional interactions, fostering a partnership that empowers our clients to navigate the cybersecurity landscape confidently.
“Gera allows me great visibility into the development process, and there was never a time when I didn’t know what was going on… I don’t foresee changing development partners.”
Tim Lloyd, Founder of SafeInHome
How do you ensure your personal cybersecurity and online privacy?
At Gera-IT, we take protecting our online presence seriously and follow the advice we give our clients.
We use tools like antivirus software, VPNs, and password managers to protect our information from viruses, protect our internet connection, stay anonymous online, and have strong, unique passwords for different accounts. It’s also important to regularly update your software to fix any possible security issues and use multi-factor authentication for added security.
In addition to using these tools, we believe that staying informed and educated about cybersecurity is crucial. We help our clients implement these practices to keep everyone safe. This helps create a culture of security awareness within our team and customers.
We suggest staying updated on cybersecurity news and joining forums to learn about new threats and defenses to stay alert and well-informed. Below are some commonly utilized resources tailored to our specialization:
- OWASP Application Security Verification Standard: https://owasp.org/www-project-application-security-verification-standard/
- International Organization for Standardization (ISO) standards: https://www.iso.org/standards.html
- National Institute of Standards and Technology (NIST): https://www.nist.gov/publications
These resources can be greatly valuable for staying informed and proactive in the field of cybersecurity.
Do you think the level of cybersecurity awareness is improving among individuals in your industry?
People are indeed becoming more aware of digital threats and are taking steps to protect themselves, such as using multi-factor authentication, updating software regularly, and using advanced security tools. More people also participate in cybersecurity training and education to better understand and mitigate risks.
However, there are still areas that need improvement:
- Many individuals must better recognize and handle social engineering attacks like phishing, which exploit human weaknesses
- Not enough health organizations conduct regular security audits, leaving potential vulnerabilities unresolved
- Some misconceptions about cybersecurity still exist, such as thinking it’s only the responsibility of IT departments or relying solely on technology for protection.
To improve cybersecurity awareness, there needs to be ongoing education at all levels of organizations, regular communication about incidents and security tips, and a culture that encourages asking questions and reporting suspicious activity without fear of repercussions.
By taking these steps and investing in training and resources, we can make the digital world safer for everyone.
What cybersecurity trends and technologies are you keeping an eye on?
Staying abreast of emerging trends and technologies is paramount for Gera-IT to protect our digital ecosystem and clients.
One of the trends we are closely monitoring is the rise in the use of artificial intelligence (AI) and machine learning (ML) in cybersecurity. These technologies have the dual potential to significantly improve security measures by identifying and neutralizing threats faster than traditional methods. However, they also open new horizons for cyber threats as attackers use AI to develop more sophisticated attack vectors. This duality underscores the importance of developing strong ethics and safety frameworks in AI.
Another exciting trend is the growing interconnectivity of devices through the Internet of Things (IoT). While IoT offers unparalleled convenience and efficiency, it also expands the attack surface, opening up numerous vulnerabilities that can be exploited. The proliferation of IoT devices requires a shift to more comprehensive security strategies that extend beyond individual devices to the entire network ecosystem.
To navigate these changes, individuals and organizations must prioritize continuous learning and adaptability. It is critical to adopt a culture of cybersecurity awareness where ongoing education and proactive security practices become the norm.