Dive Brief:
- As if protecting their hospitals from cyberattacks and privacy threats wasn’t enough, chief information security officers (CISOs) also face an overload of information and vendor solutions, a new report from the Institute for Critical Infrastructure Technology (ICIT) concluded.
- Nonetheless, CISOs must somehow sift through a sea of vendor sales pitches to find the solution that will best secure their organization, and at the right cost. However, many of the tools and solutions that vendors pitch are over-promised.
- Over the past five years, investors injected more than $7.3 billion into over 1,200 cybersecurity startups, creating fierce competition in the field.
Dive Insight:
While CISOs are well compensated, earning a median income of $194,000 to $270,000, they are often expected to pull rabbits out of hats, ICIT stated.
“In many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget,” according to the report. “They are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organization.”
The report offers suggestions for how CISOs can navigate oceans of information, address organizational needs and improve communication within the hospital system, while getting a positive return on investment from the tools they select.
For example, educational security awareness solutions can help to change careless employee behaviors, and user behavioral analytics systems can identify insider threats.
In defending their solution, the best tool CISOs have is a cyclical information security risk assessment that identifies critical assets within the hospital and the risk those assets face in the current cyber environment, according to the report.