What Healthcare CISOs Can Do Differently to Fight Ransomware
Current approaches to fighting ransomware in healthcare don't seem to be working. We've got a prescription for what healthcare CISOs can do differently.
Any time you can simplify some aspect of cybersecurity, you should do it. Simpler systems are almost always more secure. Similarly, any time you can converge multiple protective controls together into a platform that is more unified, you should do that as well. This is why I’ve been so excited about a trend I see in the security industry – namely, the convergence of endpoint security with mobile device security in commercial platforms.
The overall idea is that the functional protections and management control of endpoint security and mobile device security can be connected into unified platforms with common interfaces and support for combined analytics. The power of integrating the data analysis between the two domains cannot be underestimated. Combined analytics can expose evidence of attacks that involve both types of device.
I’ve seen evidence of this platform convergence for some time, but things crystalized in my mind during a technical discussion with my longtime colleague Sam Curry, from Cybereason. In addition to Sam’s personal interest in this topic, his employer – Cybereason, also promotes endpoint and mobile convergence as a value proposition. So, Sam’s insights extended far beyond those of most security experts.
“Enterprise security teams and their IT counterparts have had to deal for too long with the operational and organization gaps that exist between protection of endpoints and management of mobile devices,” he explained to me. “This implies that security platform convergence, either by the local enterprise security team or by a commercial vendor, should be a pretty welcome advance.”
This idea that IT management and security analysis groups within an enterprise might have the opportunity now to work more closely via a common platform is attractive. For too long, these groups and their respective device infrastructure have been separated in terms of responsibility and budget. This creates gaps in support and also in security. So, convergence is an excellent idea – so much so that I penned an original report on the matter. You can read it here.
My report covers the traditional approaches to protecting and managing both endpoint and mobile devices, but the report also identifies how both approaches have evolved. Endpoint security has had more time to mature, but with this recent convergence, as well as increased dependence on mobile computing – integrated security platforms will now evolve in support of both domains.
Once you’ve read the report, I hope you’ll share your views here. I think this is an important and evolving aspect of our industry – one that deserves more attention. I look forward to hearing from you.
Read the full guide, 'Integrating Endpoint and Mobile Device Security,' below as TAG Cyber CEO Dr. Edward Amoroso explores one of the most important and vibrant aspects of enterprise cyber security programs today - mobile.
Current approaches to fighting ransomware in healthcare don't seem to be working. We've got a prescription for what healthcare CISOs can do differently.
Steve Orrin, Federal CTO at Intel, joins the podcast to discuss approaches to remaining compliant with the various laws when moving to the cloud - check it out...