SOLUTION PROVIDER Q&A Sponsored Content


Cybersecurity: Intensifying Threats, New Strategies


Gurinder Bhatti Global Field Security Strategist


OKTA


Threats from bad actors are evolving daily, how can organizations prepare for new threats?

Cyberattacks in the Healthcare sector have gotten worse by a substantial margin compared to previous years. 74% week over week increase globally in cyberattacks from 2021 to 2022 and that number jumps to 86% in the US. Before breaking the bank to start any project and buy technologies, one of the measures organizations need to undertake is to assess their existing security posture. By identifying who the users are, what applications and data they access and the flows between the two respectively, organizations will have an accurate risk register which then allows for designing appropriate security policies. Another strategy is collaboration and information sharing. By sharing threat intel along with playbooks for successful security implementations, the entire Healthcare industry benefits in fortifying the ecosystem and can continue to practice this community effort and strengthen the industry moving forward.


IT departments at hospitals and health systems are historically underfunded. How can individuals get more funding and speak to senior leaders about the importance of a strong cybersecurity program?

Security teams and efforts are often seen as cost centers because traditionally security has served in the capacity of being an insurance; an ‘in case something bad happens, security will be there to protect’ mechanism. First, positioning cybersecurity as a board level imperative puts clear responsibility on the executives to ensure appropriate allocation of resources is being reviewed and evaluated continuously. Security leaders also need to change this ‘cost center’ framing and provide incentives to senior leaders for investing in projects that can be quantified to show a return on investment in the form of not only threat protection but also deprecating legacy systems, user productivity and consumer satisfaction which ultimately leads to revenue growth.


There is a lot of focus on the consumer healthcare space right now. What are some cybersecurity challenges with this evolution?

Increased regulatory focus on safeguarding user data as well as a renewed emphasis on user privacy has put a ton of pressure on organizations to ensure they’re absolutely focused on protecting the data of their consumers. Since consumers cannot be governed by traditional security policies that are within the organization’s controls, it presents a challenge to enforce security controls that are dependent on users interacting with the organization’s technology stack. Controlled perimeters, company issued assets or users traversing company networks are all security controls that for the most part are not at the disposal of security teams. These same security teams therefore need to find creative ways by leveraging security controls that exist via integrations with security vendors as well as native capabilities within applications.


Cybersecurity is an enterprise-wide effort. How can organizations train busy healthcare workers on best practices?

User friction is a real thing! IT teams need to accept that users will find workarounds or even not perform up to par if their ability to execute their responsibilities is hampered by the gates and checkpoints designed to provide security. Security controls need to live in that Goldilocks zone of enablement and enforcement by operating behind the scenes as much as possible and only obstructing normal user activity when risk is detected according to the organization’s policies. By embracing modern technologies such as passwordless authentication, automatic governance processes and just-in-time capabilities, users are less likely to circumvent security controls and put the entire network at risk.


Where do you see this space in the next five to 10 years?

The last few years have seen a targeted focus of cyber crime aimed at Healthcare institutions and this will continue for a multitude of reasons. Healthcare data is more valuable to threat actors because it’s richer. To incentivize attackers further, Healthcare infrastructure is typically playing catch-up to some other industries with respect to how modern it is and therefore its ability to withstand today’s threats. The steadfast increase of IoT devices has introduced another attack vector that threat actors will aim to compromise. New applications of software will need to comply with not only regulations such as HIPAA but also new standards such as SMART on FHIR that promote security and interoperability. Fortunately, the security industry has accepted this challenge and both private and private sector entities are collaborating and pursuing initiatives such as the M22-09 executive order on Zero Trust.


okta.com

