Forbes Frontline contributing writer, Greg Martin, leads an article this week with the following scenario:
How could ordering a pizza take down a bank?
It’s frighteningly easy—and illustrates the need for faster, more-sophisticated technology to block the even more-pernicious cyber-security threats targeting big companies today.
In the pizza example, a bank employee orders a pizza online, using his company email address to complete the transaction. And, like many people, he uses the same password for the pizza site as he does to log in to his bank’s workstation or intranet. Bad move: Clever hackers now automate cyber-attacks on some businesses with weaker security, like pizza parlors. They can easily snare the employee’s information, then try those login credentials on the bank’s website or employee VPN– and, if they work, tap into the bank’s internal networks.
More sophisticated hackers automate this process, intercepting millions of individual logins until they find someone working at a prime corporate target, whose login unlocks the company network for them. Boom: easy as that.
After 15 years of working in the privacy and security arena with hospitals, health systems, HIEs and their information sharing partners, we still have a hard time getting past conversations about HIPAA, and often those conversations are almost solely focused on patient confidentiality. The cybersecurity threat changes the dialogue completely. How do we introduce concepts like the “Deep Web,” “Dark Net,” and “Digital Shadow” without sounding like we are writing the next scifi novel? We do that with examples like the one that Greg offers and we shift the conversation to a practical discussion of the cybersecurity threat and the risk it poses, not only to our organizations, but to our patients and workforce.It’s a new world, for certain, and we need to introduce a new vocabulary and mindset that our leadership teams, BODs and workforce can understand and embrace.
Greg’s article also points out the need for meaningful data. The same business analytics and intelligence horsepower that we are putting toward care reform needs to be applied to cybersecurity. Yesterday’s security programs were policy-driven; today’s programs need to be data-driven. We are working at the center of these issues with our clients everyday.
Read Greg Martin’s full article here: http://www.forbes.com/sites/frontline/2016/02/10/fast-data-will-revolutionize-cybersecurity-in-2016/#5410e9df5d1f