Sutter Health’s CISO on how to overcome cultural hurdles to cybersecurity – Healthcare IT News
Cyberattacks on hospitals are rising – healthcare security leaders urgently need to ensure their organizations and the people they serve are secure. But the many decisions and actions needed to achieve security are complex and go well beyond the CISO role.
CISOs must know how to navigate cultural issues and share best practices on how to achieve consensus in their organizations – at all levels – including effective communication strategies to gain buy-in from senior management.
Jacki Monson, vice president, chief technology risk officer, chief information security officer and chief privacy officer at Sutter Health, will be speaking on this very topic at the upcoming HIMSS Cybersecurity Forum, a virtual event held December 6-7.
Her session is entitled “Achieving Buy-In, Changing the Culture around Security and Connecting to the Needs of the Business.” Her co-presenters in the session will be Dan Bowden, vice president and CISO at Sentara Healthcare, and Saif Abed, director of cybersecurity advisory services at Abed Graham Group.
Healthcare IT News interviewed Jacki to get a sneak preview of her session.
Q. What are a few of the cultural issues that impede good cybersecurity?
A. There are a few cultural issues organizations are facing right now that impede good cybersecurity. A major one many organizations are working through is the rise of remote work culture.
In response to COVID-19, employees who were used to coming into the office, opening their computers and safely accessing a secured network, suddenly were attempting something different. They worked to ensure their home Wi-Fi networks met security requirements and their workspaces were physically secure – if space even allowed a separate location.
They also had to properly “remote in” to their office and safely manage documents and other issues. On the flipside of that coin, organizations also were scrambling to make changes to their networks to allow employees to engage in secure and efficient remote work.
Organizations balanced this while also managing supply chain shortages on items like computer screens, hard drives and other necessary tools. Employees, who we all know are the first line of cyber defense, also were often faced with the challenges inside their remote work environments. They were helping home school their children or working from home alongside their partners.
These new requirements and distractions created unique security awareness challenges that can be tough to communicate and tackle. For example – helping ensure employees understand corporate devices are for corporate use only when perhaps there is a shortage of computers at home.
There also is fatigue – errors are made when employees are tired – and COVID-19 and …….