Data Breaches in Healthcare and Financial Institutions

CXOToday has engaged in an exclusive interview with Ms. Dalia Hamzeh, Security Strategy and Transformation Manager, Progress.

 

  1. The IT systems of the healthcare and the financial services sectors are complex and interconnected, which gives multiple opportunities for hackers to break in. What can companies do to have better visibility into their operations and protect themselves from cyberattacks?

Despite the high levels of cybersecurity, the healthcare sector and financial services companies remain the top targets. These sectors possess so much information of high monetary and intelligence value that they are very attractive to malicious threat actors. Companies must leverage advanced technologies, such as artificial intelligence (AI) and machine learning (ML) or adopt a multi-layered approach system to achieve better visibility into their operations and protect against such threats. It includes conducting regular risk assessments and implementing security monitoring tools and procedures to detect and respond to potential cyberattacks in real time. It will not only help to identify the problems swiftly, but it will also reduce the impact.

Moreover, keeping systems and software up to date with the latest patches and updates can minimise the risk of known vulnerabilities being exploited by hackers. Organisations should also have an incident response plan in place, which outlines the steps to be taken in the event of a cyberattack. It will help them to handle the situation in real time. These measures can improve cybersecurity within the organisation and protect it from cyber-attacks.

  2. Research by Vanson Bourne shows that most security incidents were “from employees failing to follow security protocol or data protection policies.” How can companies address this issue?

A combination of training, awareness, reinforcement, and a holistic approach that goes beyond training could help address the issue of employees not following security protocols or data protection policies. Some practical solutions include:

Education and training: Employees inherently want to do the right thing. However, employees don’t know what they don’t know. They need to be educated about the importance of data protection and how they can do their part. Regular training sessions in auditing and testing will help organisations to keep their employees abreast of the latest threats and best practices. It can include simulated phishing attacks, penetration testing and regular security audits.

Clear policies and guidelines: Companies must have clear policies and guidelines in place that outline the expected behaviour of employees. These policies should be communicated to employees clearly and concisely, and employees should be asked to sign off on them. Signing off on them, whether as a new hire or a tenured employee, sends the message that these policies are important to your organization.

Encourage a culture of security: Creating a company culture that prioritises data protection and encourages employees to take an active role in maintaining the security of the organisation is crucial for the longevity of the business. Organisations can do that by having a single and clear place for employees to report security incidents or concerns to, and rewarding employees who actively report potential security incidents or vulnerabilities.

Most importantly, establish trust with your workforce. Let your employees know that they can come to the Security team if, for example, they clicked on a malicious link, and that they will not be punished or embarrassed for their error, but rather worked with to prevent it from happening again.

By implementing these measures, companies can reduce the risk of security incidents caused by employees failing to follow security protocol or data protection policies.

  3. Data breaches may not only lead to reputational, legal and financial damages, but they are also costly to contain. What are some factors companies should keep in mind when choosing tools to help them ensure the safety and stability of their IT infrastructure?

Factors such as the reputation and track record of the vendor, compliance with industry regulations and the ability to provide timely and regular updates and patches must be considered. Solutions that leverage AI and ML for anomaly detection, predictive analytics and automated response, which can provide real-time insights and proactively mitigate potential threats, are also important to consider. Lastly, ensuring that you and your vendors have a business continuity and disaster recovery plan in place is highly monumental to protect the stability of one’s infrastructure.

  4. How can organisations protect themselves from attacks on their networks in the long run?

Businesses of all sizes are susceptible to network security threats. Therefore, organisations can protect themselves by taking a comprehensive and proactive approach to cybersecurity. It includes implementing multiple layers of security controls, such as firewalls, intrusion detection, prevention systems and endpoint security solutions. Employing network segmentation and access controls can limit the lateral movement of attackers within the network. Also, regular security assessments and penetration testing can help identify vulnerabilities and security risks within the organisation. Organisations should keep their systems and software up to date with the latest security patches. It will protect them from the latest threat landscape and against unknown vulnerabilities.

At present, healthcare and financial services sectors are highly vulnerable to cyberattacks as they hold confidential data. By implementing robust security measures, providing comprehensive training programmes, creating awareness among employees, selecting appropriate tools and staying vigilant, companies can enhance their cybersecurity measures and safeguard their operations against potential cyberattacks. Healthcare and financial institutions must regularly back up their data to ensure they can recover from a ransomware attack and data loss. Cybersecurity is an ongoing process and organisations must adapt to new threats as they emerge.

 
