How HITRUST Assessments are Adapting to Cyber Threats in 2024

Written by HITRUST | Nov 13, 2024 4:48:12 PM

Staying ahead of emerging threats is crucial for organizations looking to protect their data and systems. HITRUST assessments are designed to help organizations maintain strong defenses.

As part of our commitment to threat-adaptive requirements, we continually evaluate and refine our assessment framework to address trending and emerging attack methods. We recently examined the latest Q3 2024 threat data to ensure our requirements in the HITRUST i1 assessment remain effective and serve as a baseline for the rigorous r2 assessment.

We focused on the prominent cyberattack techniques and analyzed them using the MITRE ATT&CK Framework. This model allows us to map threat techniques to specific mitigations and tailor requirements that counteract real-world tactics.

If you are seeking to understand the technical depth of each requirement, read our detailed blog post: Q3 2024 Threat-Adaptive Evaluation for the HITRUST i1 and r2 Assessments.

Here are the quick highlights.

Top Trending Threats for Q3 2024

  • Exfiltration Over Web Service (T1567): In this technique, attackers steal data by using web services as the transfer channel. It is one of the top trending threats. Aligning with MITRE recommendations, the HITRUST i1 requires data categorization, protection of covered and confidential information, and restrictions on accessing certain websites and domains. These requirements help prevent data from leaving the network without authorization by forcing traffic through secure, monitored pathways and restricting access where necessary.
  • Browser Session Hijacking (T1185): This technique allows attackers to hijack active web sessions and gain unauthorized access to information. HITRUST i1 addresses this threat by requiring the implementation of strict user permissions, restricting high-integrity processes, and educating users on the importance of securely closing browser sessions.

Emerging Threat Techniques

In addition to trends, we track emerging threats that could grow in relevance. We focused on the following three techniques.

  • Data From Network Shares (T1039): Attackers may attempt to access sensitive data stored on network shares, typically used for sharing within organizations. This cyberattack technique can be challenging to control because it abuses legitimate system features. HITRUST i1 mitigates this risk by advising organizations to carefully categorize data and restrict access to only authorized users, limiting potential exposure.
  • Debugger Evasion (T1622): Attackers often build malware to detect and evade debugging tools. Security teams use these tools to analyze malware, so evasion makes that analysis harder. HITRUST i1 recommends proactive monitoring and regular reviews of potential malware signatures.
  • Escape to Host (T1611): Containers are intended to isolate applications from the host environment, but some attackers try to break out of these isolated environments to access the broader system. HITRUST i1 addresses this by enforcing strict application and network control policies, alongside anti-malware protections that ensure containers remain separated from host systems.

Adaptive Requirements to Stay Prepared

The adaptive nature of HITRUST assessments is a critical feature that sets them apart from static compliance frameworks. As cyber threats evolve, so do our requirements, so organizations using the assessment benefit from a library of requirements that aligns with current threat intelligence. HITRUST i1 requirements are built to address the most common cyberattack techniques, covering over 99% of identified threats in the latest MITRE ATT&CK analysis. As an added benefit, these requirements also serve as the foundation for the HITRUST r2 assessment, a more advanced framework offering comprehensive protection for high-risk environments.

Our Q3 analysis underlines the effectiveness of HITRUST’s threat-adaptive requirement set, equipping organizations to navigate a complex and fast-changing cyber landscape. For a deeper dive into the technical details of requirements, explore our blog post: Q3 2024 Threat-Adaptive Evaluation for the HITRUST i1 and r2 Assessments.