A recent study on risk-based security management in the healthcare and pharmaceutical industries revealed that despite regulatory pressures, these industries lag behind other sectors in the implementation of critical security controls.
Key findings in the study included:
- 70 percent say communicating the state of security risk to senior executives is ineffective because those communications stay within a single department or line of business
- Only 52 percent use formal risk assessments to identify security threats
- Only 58 percent have fully or partially deployed change control and security configuration management
Joshua Lyons, Director of Client Relations at Fortrex Technologies, discusses why CISOs need to develop and maintain executive-level advocates who can communicate that security is a business enabler, so that budgets are adequate to implement improved IT security controls.
“It is true that healthcare organizations rank better than average in some areas of this survey, but there is still a lot of room for improvement,” said Dwayne Melancon, Chief Technology Officer for Tripwire.
“About half of healthcare and pharmaceutical organizations are not using any kind of formal risk assessments, and they are also far less open to challenging current assumptions. Both of these factors could cause them to be blindsided by the increasing number of cybersecurity threats to their businesses.”
As the HIPAA final omnibus rule goes into effect, the new state healthcare exchanges place additional security and privacy pressures on healthcare organizations.
For more on how security creates a standard of due care and a platform for better risk-based security management conversations, see the following resources:
- Connecting Security to the Business Mission
- The Role of Security in Creating a Standard of Due Care
- SANS Twenty Critical Controls as an Information Security Standard of Care
- Using the Top 20 Critical Security Controls to Get your CFO’s Attention
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Definitive Guide to Attack Surface Analytics
Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.
Title image courtesy of ShutterStock