The fallout of major data breaches in the past two years has sent a clear message: the responsibility for data breaches is being laid on the board of directors and C-level employees. Having a strong IT security team, led by a strong CISO, is not only key to an effective security policy; studies have shown that an effective CISO and a well-run information security program can also save an organization almost 10% in total revenue from a decreased risk of data loss and theft.
A CISO is now integral both to data security preparedness and to reacting to data breaches as they happen. The role of the CISO continues to evolve through time, keeping abreast of changing technologies and evolving the organization’s security posture from the board level down.
On HealthITSecurity, the evolution of the CISO in healthcare was discussed with Raj Mehta of Deloitte Cyber Risk Services. The article offers some insight into the challenges a CISO faces in order to be effective in their job, which often comes down less to technical skills and more to the effective communication skills required to make security a priority from the top down. Raj Mehta notes,
“I think the challenge they really have is striking the right balance between how to bring the right message that executives will understand. Ultimately, if I look at most businesses, they want to do the right things. They see all the things in the newspapers about breaches, and the question comes back to them: ‘Are we secure? Are we doing the right things?’ And CISOs need the ability to be able to communicate and educate in a way that executives understand what the issues are and what support is needed.”
The healthcare industry faces more data security challenges because the value of healthcare data makes the industry a hot target and the level of data sharing is much higher. The complexity of securing healthcare data means that a CISO must understand the risks, prioritize them, communicate them and secure the right support – then of course, have a way to measure their success. The article on HealthITSecurity talks about how the CISO role moved from compliance-oriented to risk-focused and how the role will continue to mature in the next few years.
The most secure organizations are ones where there is a culture of security that is embedded top-down, where every employee, from the board to the mail room, understands their role in protecting corporate data, with tools that support, enable and protect data wherever it resides. To learn about how Absolute can help your healthcare organization get there with adaptive security for the endpoint, visit our website.