Thursday 22 March 2018

Improving Cybersecurity Response in Healthcare Organizations

Recent reports indicate that cybersecurity response is lacking across numerous sectors, and that healthcare can improve in its detection methods.

Organizations must have the right staff members in place who are properly trained, and also have appropriate technical tools to ensure that a proper cybersecurity response can occur following a data security incident.

Healthcare entities in particular must work to create a comprehensive cybersecurity response plan, but recent studies show that there is still room for improvement.

Seventy-seven percent of organizations said they do not have a formal cybersecurity incident response plan (CSIRP) applied consistently across their entity, according to The Third Annual Study on the Cyber Resilient Organization by IBM Security and the Ponemon Institute.

Of the 2800 respondents, approximately half stated that their incident response plan was informal or did not exist.

The study also showed a need for proper employee training in cybersecurity. Seventy-seven percent of those surveyed said it is difficult to retain and hire IT Security professionals. Fifty percent reported their organization’s current CISO or security leader has been in place for three years or less, while 23 percent said they do not currently have a CISO or security leader.

“Having the right staff in place is critical but arming them with the most modern tools to augment their work is equally as important,” IBM Resilient VP of Product Management and Co-Founder Ted Julian said in a statement. “A response plan that orchestrates human intelligence with machine intelligence is the only way security teams are going to get ahead of the threat and improve overall Cyber Resilience.”

Confidence levels in being able to properly respond to a cybersecurity attack could also be misplaced, researchers found.

Seventy-two percent of organizations said they felt more cyber resilient today than they were last year. However, 57 percent of respondents said the time to resolve an incident has increased, while 65 percent said attack severity has increased.

“A sharp focus in a few crucial areas can make a big difference when it comes to Cyber Resilience,” Dr. Larry Ponemon said in a statement. “Ensuring the security function is equipped with a proper incident response plan, staffing, and budget will lead to a stronger security posture and better overall Cyber Resilience.”

Healthcare cybersecurity response may not be as bad, though: recent CynergisTek report findings show that entities ranked highest in response and recovery among the Core Elements of the NIST Cybersecurity Framework.

The Improving Readiness: Meeting Cyber Threats report measured how healthcare organizations are implementing NIST CSF controls.

The assessments were conducted across numerous types of healthcare entities, including individual hospitals, clinics, ancillary facilities, payers, and business associates. Overall, there was an average of 45 percent conformance with NIST CSF controls.

Organizations had the lowest ratings in detecting potential cybersecurity events, while the highest ratings were in the Core Elements of response and recovery.


Article Credit: Health IT Security


The post Improving Cybersecurity Response in Healthcare Organizations appeared first on Statii News.



source http://news.statii.co.uk/improving-cybersecurity-response-in-healthcare-organizations/
