Healthcare CISOs Find Security Vendors Overpromising

Chief information security officers have enough on their to-do lists just trying to safeguard hospitals from an ever-evolving array of cyber risks and privacy threats.

But a recent report from the Institute for Critical Infrastructure Technology shows they have another challenge: a flood of information – not all of it helpful, or even accurate – from vendors, consultants and other security solution providers.

The report, authored by ICIT Senior Fellow James Scott and researcher Drew Spaniel, with additional research from fellow Rob Roy, offers recommendations for CISOs swimming in too much information, helping them focus on enterprise-wide security demands, better communicate their strategies and gain return on investment from the technologies they choose.

"In many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget," according to ICIT. "They are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organization."

As they try to find solutions that offer the biggest bang for the buck, however, CISOs are inundated by vendor sales spiels: "Over the course of their role, some CISOs claim that annually they may hear hundreds of company pitches for security tools and solutions," the authors write.

Not all of these tools are ready-made.

More than 1,200 cybersecurity startup companies have been funded over the past five years, to the tune of $7.3 billion, according to ICIT. Competing in such an oversaturated market, many of them "over-promise and under-deliver by offering unreliable silver bullet solutions."

Oftentimes, as they race to market, hoping to keep development costs low, these fledgling companies enlist CISOs to test out minimally viable products – soliciting them to offer feedback that could then inform development and refinement of the security tools before they're released more widely.

"The process often nets the CISO a discount and occasionally results in a customized and refined solution to the cybersecurity problem," according to ICIT. "However, every time a CISO discovers that the adopted vendor solution is unreliable, they must either adopt or develop a replacement solution."

That added responsibility not only increases the stress CISOs face, ICIT noted, but likely also contributes to the average turnover of 17 months for modern chief information security officers.

Source: HealthcareITNews
