On top of the right tools, effective cyber security relies on well-trained employees
While cloud security is improving, hackers are always on the lookout for vulnerabilities in IT systems, and enterprises need to protect themselves with, among other things, improved employee training.
As healthcare organizations move their IT systems to the cloud, it may be increasingly tempting to assume that cybersecurity programs will be enough to protect critical data. But experts note that, despite the increasing sophistication of cloud security programs, human error can still play a significant role.
"Most employees want to follow security procedures, but security tools are not always intuitive and easy to use," Jeremy Bergsman, practice leader at Gartner, recently told tech writer Paul Korzeniowski.
As a result, organizations still need to understand the limitations of their tools and work to create a security-conscious workforce.
According to Korzeniowski, there are a number of steps IT managers can take to minimize the risk of phishing attacks designed to trick individuals into exposing sensitive information via website links and direct responses.
For example, he says, “to keep information safe, use data leak protection services, which can identify documents that contain sensitive information -- like account numbers -- and alert employees to a potential cloud security risk.”
As for the problem of human error, Korzeniowski points out that many organizations have security tools or services that monitor cloud deployments and system logs. “Many of these tools automatically send out an alert if they detect a potential threat. While some of these alerts are legitimate, some aren't, which can overload security teams.” With such large volumes of data, IT pros might ignore warnings of a potential cloud security risk and then discover, too late, that there was an attempt to compromise their system or an actual breach.
In short, as Jim Reavis, CEO of Cloud Security Alliance, summed it up, ”The past few years have seen explosive growth in compute resources, well beyond anything that happened in the past. Many companies are not scaling and increasing the number of security professionals needed to evaluate potential risks."