As far as cyber security analogies go, this one is out there. Way out there in the “neutral zone.” But bear with us.
SC Magazine’s recent story, “The High Cost of Staying Protected: Security Expenses,” sheds light on the disturbing trend of CISOs, IT teams and security departments being asked to do so much more to protect data but on the same budgets of years’ past.
Each security expert SC Magazine interviewed agreed that CSOs and CISOs are unfairly tasked with doing more with less. Much less, if you consider the risk, brand damage, fines and other penalties organizations face should a breach occur and data is lost.
When we dig into vertical-specific challenges, healthcare organizations face the biggest battles — they store some of the world’s most sensitive and critical data.
“They have rich targets of groundbreaking medical research and valuable customer data, but have a corporate culture of putting their biggest investments in saving lives versus protecting data,” Schilling told SC Magazine. “I cannot argue that those priorities are wrong, but it does create a quagmire of security professionals trying to protect important data with very limited resources.”
This reality places CISOs in distinct tactical disadvantages. As Schilling compared, it’s akin to the ‘Kobayashi Maru’ scenario presented in a no-win training simulation in Star Trek II. It tests the character and aptitude of training candidates, but also requires trainees to redefine approaches to the problem to succeed.
As Schilling says, this is where the healthcare industry — and respective healthcare IT organizations that serve them — needs to redefine how they approach data security. The legacy approaches that worked in the past are no longer acceptable in the current threat environment.
As it stands, it’s that same no-win situation. Schilling believes that these organizations need to consider 98 percent of their environment as contested space. From there, they can diligently defend that critical 2 percent of data that threat actors target.