Valuable Security Assets Are Human, Not Technical

Uploaded on 2016-10-27 in FREE TO VIEW, NEWS-Cybersecurity News

You already know that the biggest threat to healthcare IT security is the human element. But if human beings are the greatest vulnerability, that also makes them the strongest asset. Here’s why.

According to the 2016 HIMSS Cybersecurity Survey, the two primary healthcare IT security concerns among provider organizations (hospitals and physician practices) are phishing attacks (most pressing concern for 77 percent of respondents) and viruses/malware (67 percent). Both events require a responsive actor on the organization side of the transaction for hackers to access patient data.

It may seem like this is a rather straightforward problem to resolve—just make sure clinicians and staff have the requisite knowledge and are savvy enough to not get duped, and all is good. In reality, especially among larger organizations with hundreds of potential points of entry, turning human beings into alert sentries is a constant human behavioral challenge.

So what strategies can even a large healthcare organization employ to ensure that the people who use IT systems are firmly engaged in system defense?

Train, train and then train some more. A study by Wombat Security Technologies and the Aberdeen Group suggests that upgrading employee awareness can reduce security risk by anywhere from 45 to 70 percent. Among the highlights of the report are these bits of crucial and related information:

There is no such thing as a 100 percent secure IT system if it is used by people. It makes little sense to invest heavily in technology if you fail to effectively train system users.

An organization with $200 million in annual revenue can expect to lose $2.5 million per year from infections borne of employee behavior, with an 80 percent chance the loss could jump to $8 million annually. (Note that this is across organizations and not specific to healthcare.)

Don’t assume that any bit of information about system security—maintaining strong passwords, keeping mobile devices secure, navigating the internet safely and so on—is common knowledge to employees and staff. Someone may not know something that will cause your organization harm.

Your goal in training is to inculcate a culture of security that becomes second nature to every user beyond just IT staff. Indeed, you are working to expand the awareness of the IT team outward to all staff and employees.
According to the results of another recent survey conducted across industries by Experian Data Breach Resolution and the Ponemon Institute, there is room for much improvement when it comes to preparing employees.

HealthDataManagement

« Russian Citizen Charged With Hacking LinkedIn
US Banks Face New Demands To Protect Themselves From Hackers »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alert Logic

Alert Logic

Alert Logic delivers unrivaled security for any environment, delivering industry-leading managed detection and response (MDR) and web application firewall (WAF) solutions.

AA Certification (AAC)

AA Certification (AAC)

AAC provide ISO Quality Management System certification services including ISO 27001.

PortSwigger

PortSwigger

PortSwigger's Burp Suite is an integrated platform for performing security testing of web applications.

BetterCloud

BetterCloud

BetterCloud puts IT in control of the modern workplace through user lifecycle management, data discovery, and IT and security automation purpose-built for SaaS.

Qufaro

Qufaro

Qufaro is a new initiative designed to make it simpler for those with career ambitions in cyber security to access the UK’s cyber-specific education and innovation opportunities.

Cygilant

Cygilant

Cygilant is a SOC2 certified service provider that combines MSSP and Incident Detection and Response (IDR) capabilities managed by global SOCs staffed with trained security engineers.

Government CSIRT - Chile

Government CSIRT - Chile

Government CSIRT is the Computer Security Incident Response Team for State networks and government cyberspace in Chile.

Lepide

Lepide

LepideAuditor is a powerful Data Security Platform that enables you to reduce risk, prevent data breaches and prove regulatory compliance.

Carbide

Carbide

Carbide (formerly Securicy) breaks down enterprise-class security and privacy requirements and makes them accessible to, and achievable by, companies of all sizes.

Axiomtek

Axiomtek

Axiomtek is a leading design and manufacturing company in the industrial computer and embedded field.

Cyentia Institute

Cyentia Institute

The Cyentia Institute is a research & data science firm with a mission to advance knowledge in the cybersecurity industry.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.

Decent Cybersecurity

Decent Cybersecurity

Decent Cybersecurity is a forerunner and proven partner in the field of cybersecurity, utilizing AI, post-quantum cryptography and quantum resistant blockchain for data protection enhancement.