
Cybersecurity mindfulness: Living with cyber risk and staying above the fray

Over the past five years we have seen a fundamental shift in the cyber threat landscape. The news is filled with examples of how companies are having their data stolen or their systems disrupted. Over the coming years we will see the next evolution of cyber threats. The explosion of the Internet of Things, increased connectedness, business reliance on technology and data sprawl will create significant exposure for most industries.

Even with this increasing exposure, a breach or harm event does not have to be inevitable. There are ways to position your organization to prevent a major cyber breach or disruption of services.

An organizational culture that recognizes cybersecurity as a business imperative is a great way to improve security program performance. Moving toward a culture that is both strategically and operationally sensitive to cybersecurity needs is a significant change for any company. One organizational philosophy that is responsive to this change in culture and mindset, and that has been effective within industries that deal with life safety, is the “High Reliability Organization”.

High Reliability Organizational principles have the potential to create a culture of “Cybersecurity mindfulness”. If we applied these principles and this mindfulness to a cybersecurity program, it would have these characteristics:

• A preoccupation with the failure of Cybersecurity controls.

• Reluctance to simplify interpretations of risk exposure and threat data.

• Active observation, situational awareness and engagement of leaders and stakeholders within the Cybersecurity program.

• Recognizing that Cybersecurity is a business imperative and the need for the building of resiliency within the business to support that imperative.

• Listening to and involving subject matter experts from across the business.

• The creation of transparency, trust and accountability with a focus on continuous learning.

• The sharing of cybersecurity best practices and threat information with other businesses and industries.

Driving high reliability principles within the business and its cybersecurity program is no easy task. It is a cultural shift that can take years to take hold. There are some activities that I believe can make an immediate impact and have the potential for creating positive stakeholder engagement and the planting of seeds for a successful program.

Having a cyber risk management program that fully inventories risk and identifies the most significant cyber threats to the business can be extremely helpful. When inventorying risk, it is best to start with an inventory of all your data and assets as well as a security control framework. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a great place to start. Evaluating your environment against these sets of controls can help you better understand your cyber weaknesses.

Cybersecurity controls do not mean much unless you understand the threats that are most relevant to your industry and business. Performing threat event and scenario walkthroughs and collaborations is an excellent approach to developing a common understanding of the most probable and harmful cybersecurity incidents. The output of this collaboration would be a scenario catalog that would be linked to both cybersecurity risk management and operational activities. This approach and the bridging of operations and risk management helps create a collective understanding across all stakeholder groups. By bridging operations and risk management, there is a direct signaling structure that allows leadership to set risk tolerance into operations and for operations to signal effectiveness back to leadership.

Building a plan that is prepared for today and the future can be a daunting task for any organization. As stated earlier, cyberattacks are going to become much more complex in the future. To be prepared, organizations will need to think differently. “Living with cyber risk” will become the norm. Traditional risk registers will need to transform into risk portfolios where good and bad risk can coexist for effective management of trade-off decisions. Cybersecurity programs will need to transform into high reliability programs that can adapt quickly to business changes and the evolving threat landscape. Cybersecurity will need to be fully integrated into the end-to-end service delivery and not viewed as an outlier process.

An organization’s plans will need to recognize that whether we are a local Fort Worth business or a large global company, we all must coexist on the Internet. We are interconnected and have the potential to impact each other. A great example is the recent Denial of Service attack that impacted large portions of the Internet in October. This attack used malicious software that took control of “Internet of Things” devices such as DVRs and video cameras. These devices flooded the Internet service that allows our Internet browsers to find websites like cnn.com and twitter.com. Who would have thought that systems such as these could be used to perform cyber-attacks?

I believe that applying High Reliability Organizational principles and creating a culture of “Cybersecurity mindfulness” has the ability to reduce the probability of a business being a victim of a successful cyber-attack. At a minimum, it has the potential to reduce the impact of a breach to customers’ data and improve Cybersecurity investment prioritization.

Ron Mehring is vice president of technology & security, Texas Health Resources

