Healthcare Has Issues With Outsourced Cyber Security

Uploaded on 2024-02-07 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Three quarters (75%) of Healthcare organisations would relinquish some control to enable decisions to be made quicker by specialists on cyber threats, according to new research by threat detection and response provider, e2e-assure.  

The study focuses on the observations from CISOs and cyber security decision makers as to how their cyber security providers are performing, as criminals deploy increasingly advanced extortion techniques.

Having a solid cyber security defence strategy is of urgent importance for Healthcare organisations, with e2e-assure's study finding the vast majority of Healthcare organisations (77%) have experienced a cyber attack. 

Outsourcing is currently the most popular solution for Healthcare organisations when it comes to their cyber security operations (41%), compared with a hybrid approach (40%) or managing everything in-house (16%). 
This may change, as 31% believe their provider or in-house team is underperforming and are looking to make changes. Of those utilising SOC-as-a-Service, which is one of the top operations outsourced by the Healthcare sector, only 5% said their service “exceeds expectations.”  

The research repeatedly reflects a strong trend from the Healthcare sector towards either relinquishing responsibility or working more closely with providers. 

Over a third (35%) of them are looking for a hybrid solution to extend their current teams. And aside from enabling decisions to be made quicker by specialists, 69% would relinquish some control to reduce the reliance on their teams and 67% to enable faster response times.  

It comes as no surprise that speed is also essential, with 52% saying it’s a priority when it comes to making decisions around their cyber security environment. Control is the least important at 27%, again reflecting the trend that Healthcare organisations want to be able to rely on their providers.  

  • However, when it comes to the use of threat intelligence, 40% are unconfident in threat intelligence to proactively detect threats and 31% are unconfident in their operation’s ability to respond to an alert/incident within 30 minutes.
  • Worryingly, only 13% describe their cyber security provider or in-house team as “exceeding expectations,” which is lower than the average across industries at 16%. 
  •  The biggest “don’t have but desire” of Healthcare organisations is real-time visibility of reporting dashboards (55%) and around half (49%) don’t feel they have client-centric delivery teams who care. 

Before Healthcare organisations are going to pass over more control, security providers need to build their trust and show that they “care” through closer collaboration and better understanding of the customer’s environment. Five key themes or cyber defence rejuvenation in 2024 emerged from the study:-

  • Providers will need to prove their value.
  • Security teams will relinquish more control to trusted providers.
  • Contracts will need to be more commercially flexible.
  • Service and tooling flexibility is a priority for organisations.
  • Quality cyber defence needs to become more accessible to organisations of all sizes

The biggest three frustrations include a lack of proactivity to fine tune alerts and protect environments (33%), long and complex contract terms (29%) and slow/poor communication with analysts and/or account managers (28%). 

There is a way to go before providers are supporting Healthcare organisations with the speed, proactivity and flexibility they need to tackle the onslaught of cyber attacks, exhausting an already over tired workforce.  

CEO of e2e-assure Rob Demain commented “With Healthcare organisations most commonly outsourcing their cyber security operations, but with almost half (49%) saying that don’t believe they have client-centric delivery teams who care, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

With the findings highlighting the need for a shift in the service offerings from providers, e2e-assure's report also reveals why providers are unfit for purpose, the top frustrations with outsourcing SOC-as-a-service and navigating the challenges of locked-in cyber contracts.

Image: Owen Beard

You Might Also Read: 

Under-Performing Cyber Security Providers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Supply Chain: AnyDesk Customers Affected By Credentials Breach
Neuralink Implant A Brain Chip In A Human »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

National Digital Exploitation Centre (NDEC) - United Kingdom

National Digital Exploitation Centre (NDEC) - United Kingdom

NDEC is a project to create a centre of cyber and digital development and education for the UK. It will offer training in digital practices, cyber security and research.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

ThreadStone Cyber Security

ThreadStone Cyber Security

ThreadStone Cyber Security offer reliable, practical and affordable cyber security solutions for both large and smaller organizations that we develop and deliver ourselves from Europe.

Cybeta

Cybeta

Cybeta's actionable cybersecurity intelligence keeps your business safe with strategic and operational security recommendations that prevent breaches.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

Halogen Group

Halogen Group

Halogen Group is the leading Security Solutions Provider in West Africa. Services encompass Physical Security, Electronic Security, Virtual & Cyber Security, Risk Assessments and Training.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

Verinext

Verinext

Verinext delivers transformative business technology, from intelligently automating time-consuming tasks and protecting data assets to securing infrastructure and improving customer experiences.

DIGISOC

DIGISOC

DIGISOC, a leader in Latin America in Cybersecurity solutions, combines machine learning with human intelligence to be effective in detecting cyber threats.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Compugen Systems Inc (CSI)

Compugen Systems Inc (CSI)

Compugen Systems is an IT service delivery company that focuses on enabling your business outcomes.