We took a pulse of the state of infosec, heard experts rate industry maturity and learned smart tactics for advancing your security posture.

5 (more) things we learned by focusing on cybersecurity in October

By Tom Sullivan
10:06 AM
cybersecurity infosec

With National Cybersecurity Awareness Month winding down, we initially reported five things learned from researching and writing about infosec in depth during October.

Real quickly, those include: synthetic ID theft, the benefit of dashboards, consumerism's impact on network perimeters, guidance about what to look for when picking a penetration tester and a rethinking of the belief that humans are your hospital's weakest link.

But there were so many more takeaways this month. Here are another five.

1. Three charts explain where hospitals and systems are today, security-wise. HIMSS Media research found that privacy is the top concern, nailed down more than a dozen ways healthcare organizations are addressing security issues and pinpoints specific job roles involved in establishing strategy and internal policies. Read the full article here.

2. Several infosec leaders rated the industry's security posture as just about 'average.' As in, somewhere between a four and six with 10 being the highest. One speaker at the HIMSS Healthcare Security Forum even gave a three rating. Why so low? Call it a "false sense of cloud" that big tech guns will make the security problem go away. Read the full article here.

3. Security teams will never have upper management's attention quite like they do in the immediate wake of a breach. It might not be a silver lining, exactly, but it is an opportunity to talk with the board of directors to advance your long-term strategic plan by talking about operation resiliency, which is bound to keep their attention. Read the full article here.

4. Evidence-based security is not just a fancy buzzword. Hope is emerging that applying analytical rigor to security in a fashion akin to evidence-based medicine will transform today's practices. To that tend, Penn Medicine CISO Dan Costantino explains how to use data and analytics to better understand threat intelligence and heighten your security posture while remaining compliant with necessary rules and regulations. The foundation is gathering two key data types so you can put the intelligence to work. Read the full article here.

5. Smart CISOs master patch management without disrupting the clinical workflow. It sounds easy enough, sure, but it's not because of the legacy software and hardware still running in hospitals. Hint: Smart planning starts with assessing vulnerabilities, setting response processes and allowing for anomalies such as zero-day events. Read the full article here

Focus on Cybersecurity

In October, we take a deep dive into security strategy and pressing threats.

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com