Healthcare Has Issues With Outsourced Cyber Security

Uploaded on 2024-02-07 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Three quarters (75%) of Healthcare organisations would relinquish some control to enable decisions to be made quicker by specialists on cyber threats, according to new research by threat detection and response provider, e2e-assure.  

The study focuses on the observations from CISOs and cyber security decision makers as to how their cyber security providers are performing, as criminals deploy increasingly advanced extortion techniques.

Having a solid cyber security defence strategy is of urgent importance for Healthcare organisations, with e2e-assure's study finding the vast majority of Healthcare organisations (77%) have experienced a cyber attack. 

Outsourcing is currently the most popular solution for Healthcare organisations when it comes to their cyber security operations (41%), compared with a hybrid approach (40%) or managing everything in-house (16%). 
This may change, as 31% believe their provider or in-house team is underperforming and are looking to make changes. Of those utilising SOC-as-a-Service, which is one of the top operations outsourced by the Healthcare sector, only 5% said their service “exceeds expectations.”  

The research repeatedly reflects a strong trend from the Healthcare sector towards either relinquishing responsibility or working more closely with providers. 

Over a third (35%) of them are looking for a hybrid solution to extend their current teams. And aside from enabling decisions to be made quicker by specialists, 69% would relinquish some control to reduce the reliance on their teams and 67% to enable faster response times.  

It comes as no surprise that speed is also essential, with 52% saying it’s a priority when it comes to making decisions around their cyber security environment. Control is the least important at 27%, again reflecting the trend that Healthcare organisations want to be able to rely on their providers.  

  • However, when it comes to the use of threat intelligence, 40% are unconfident in threat intelligence to proactively detect threats and 31% are unconfident in their operation’s ability to respond to an alert/incident within 30 minutes.
  • Worryingly, only 13% describe their cyber security provider or in-house team as “exceeding expectations,” which is lower than the average across industries at 16%. 
  •  The biggest “don’t have but desire” of Healthcare organisations is real-time visibility of reporting dashboards (55%) and around half (49%) don’t feel they have client-centric delivery teams who care. 

Before Healthcare organisations are going to pass over more control, security providers need to build their trust and show that they “care” through closer collaboration and better understanding of the customer’s environment. Five key themes or cyber defence rejuvenation in 2024 emerged from the study:-

  • Providers will need to prove their value.
  • Security teams will relinquish more control to trusted providers.
  • Contracts will need to be more commercially flexible.
  • Service and tooling flexibility is a priority for organisations.
  • Quality cyber defence needs to become more accessible to organisations of all sizes

The biggest three frustrations include a lack of proactivity to fine tune alerts and protect environments (33%), long and complex contract terms (29%) and slow/poor communication with analysts and/or account managers (28%). 

There is a way to go before providers are supporting Healthcare organisations with the speed, proactivity and flexibility they need to tackle the onslaught of cyber attacks, exhausting an already over tired workforce.  

CEO of e2e-assure Rob Demain commented “With Healthcare organisations most commonly outsourcing their cyber security operations, but with almost half (49%) saying that don’t believe they have client-centric delivery teams who care, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

With the findings highlighting the need for a shift in the service offerings from providers, e2e-assure's report also reveals why providers are unfit for purpose, the top frustrations with outsourcing SOC-as-a-service and navigating the challenges of locked-in cyber contracts.

Image: Owen Beard

You Might Also Read: 

Under-Performing Cyber Security Providers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Supply Chain: AnyDesk Customers Affected By Credentials Breach
Neuralink Implant A Brain Chip In A Human »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Open Systems International (OSI)

Open Systems International (OSI)

Our innovative Operations Technology (OT) solutions are highly scalable and can be deployed by various utility companies to monitor, control and optimize their real-time operations.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

ShardSecure

ShardSecure

ShardSecure Microshard technology eliminates data sensitivity, providing security, privacy and compliance beyond encryption.

Reliance Cyber

Reliance Cyber

Reliance Cyber (formerly Reliance ACSN) help to monitor and manage your organisation’s security infrastructure 24/7, so you can make sure all threats and issues are dealt with.

NARIS

NARIS

NARIS is the leading provider of an integrated Governance, Risk and Compliance platform called NARIS GRC.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

Veza Technologies

Veza Technologies

Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to manage and control who can and should take what action on what data.

Zafran

Zafran

Zafran is a Risk & Mitigation Platform that defuses threat exploitation by mobilizing existing security tools.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.