Healthcare CISOs Find Security Vendors Overpromising

Chief information security officers have enough on their to-do lists just trying to safeguard hospitals from an ever-evolving array of cyber risks and privacy threats.

But a recent report from Institute for Critical Infrastructure Technology shows they have another challenge: a flood of information – not all of it helpful, or even accurate – from vendors, consultants and other security solution providers.

The report, authored by ICIT Senior Fellow James Scott and researcher Drew Spaniel, with additional research from fellow Rob Roy, offers recommendations for CISOs swimming in too much information, helping them focus on enterprise-wide security demands, better communicate their strategies and gain return on investment from the technologies they choose.

"In many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget," according to ICIT. "They are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organization."

As they try to find solutions that offer the biggest bang for the buck, however, CISOs are inundated by vendor sales spiels: "Over the course of their role, some CISOs claim that annually they may hear hundreds of company pitches for security tools and solutions," the authors write.

Not all of these tools are ready-made.

More than 1,200 cybersecurity startup companies have been funded over the past five years, to the tune of $7.3 billion, according to ICIT. Competing in such an oversaturated market, many of them "over-promise and under-deliver by offering unreliable silver bullet solutions."

Oftentimes, as they race to market, hoping to keep development costs low, these fledgling companies enlist CISOs to test out minimally viable products – soliciting them to offer feedback that could then inform development and refinement of the security tools before they're released more widely.

"The process often nets the CISO a discount and occasionally results in a customized and refined solution to the cybersecurity problem," according to ICIT. "However, every time a CISO discovers that the adopted vendor solution is unreliable, they must either adopt or develop a replacement solution."

That added responsibility not only increases the stress CISOs face, ICIT noted, but likely also contributes to the average turnover of 17 months for modern chief information security officers.

Source: HealthcareITNews