Valuable Security Assets Are Human, Not Technical

Uploaded on 2016-10-27 in FREE TO VIEW, NEWS-Cybersecurity News

You already know that the biggest threat to healthcare IT security is the human element. But if human beings are the greatest vulnerability, that also makes them the strongest asset. Here’s why.

According to the 2016 HIMSS Cybersecurity Survey, the two primary healthcare IT security concerns among provider organizations (hospitals and physician practices) are phishing attacks (most pressing concern for 77 percent of respondents) and viruses/malware (67 percent). Both events require a responsive actor on the organization side of the transaction for hackers to access patient data.

It may seem like this is a rather straightforward problem to resolve—just make sure clinicians and staff have the requisite knowledge and are savvy enough to not get duped, and all is good. In reality, especially among larger organizations with hundreds of potential points of entry, turning human beings into alert sentries is a constant human behavioral challenge.

So what strategies can even a large healthcare organization employ to ensure that the people who use IT systems are firmly engaged in system defense?

Train, train and then train some more. A study by Wombat Security Technologies and the Aberdeen Group suggests that upgrading employee awareness can reduce security risk by anywhere from 45 to 70 percent. Among the highlights of the report are these bits of crucial and related information:

There is no such thing as a 100 percent secure IT system if it is used by people. It makes little sense to invest heavily in technology if you fail to effectively train system users.

An organization with $200 million in annual revenue can expect to lose $2.5 million per year from infections borne of employee behavior, with an 80 percent chance the loss could jump to $8 million annually. (Note that this is across organizations and not specific to healthcare.)

Don’t assume that any bit of information about system security—maintaining strong passwords, keeping mobile devices secure, navigating the internet safely and so on—is common knowledge to employees and staff. Someone may not know something that will cause your organization harm.

Your goal in training is to inculcate a culture of security that becomes second nature to every user beyond just IT staff. Indeed, you are working to expand the awareness of the IT team outward to all staff and employees.
According to the results of another recent survey conducted across industries by Experian Data Breach Resolution and the Ponemon Institute, there is room for much improvement when it comes to preparing employees.

HealthDataManagement

« Russian Citizen Charged With Hacking LinkedIn
US Banks Face New Demands To Protect Themselves From Hackers »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Roka Security

Roka Security

Roka Security is a boutique security firm specializing in full-scale network protection, defending against advanced attacks, and rapid response to security incidents.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

Integrity360

Integrity360

Integrity360 is a leading independent cyber security and payments compliance specialist providing dedicated experts for managed services, consulting services, penetration testing and incident response

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

ProPay

ProPay

ProPay provides secure payment solutions for organizations ranging from small businesses to large enterprises requiring complex payment solutions.

Accelerator Frankfurt

Accelerator Frankfurt

Accelerator Frankfurt is an independent go-to-market program focused on Fintech, Cybersecurity and Digital B2B startups.

Onsist

Onsist

Onsist brand protection services provide proactive defense against fraudulent use of your brand online.

DataEndure

DataEndure

DataEndure helps companies build digital resilience so that their critical information assets are protected and available to the right people, at the right time.

DeepFactor

DeepFactor

DeepFactor is the industry’s first Continuous Observability platform enabling Engineering and AppSec teams to find and triage RUNTIME security, privacy, and compliance risks in your applications.

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.

AArete

AArete

AArete is a global management and technology consulting firm specializing in strategic profitability improvement, digital transformation, and advisory services.

CLEAR

CLEAR

With more than 17 million members and a growing network of partners across the world, CLEAR's identity platform is transforming the way people live, work, and travel.

Fable Security

Fable Security

We’re reimagining human risk management. Fable brings together the best of engineering, behavioral science, and AI to solve one of security’s hardest problems.