Building the Best Cyber Defense for Your Organization

The threats vary, from worms and viruses that are adrift on the Internet, all the way up to nation-state attackers. But in healthcare, it's the professional criminals who keep me up at night. They've got time to figure out what your organization is doing wrong, and exploit those vulnerabilities for profit. We've already seen this pattern in the industry.

We have yet to see how theft of medical information will be used. The possibilities are many: wholesale medical fraud, blackmail, device hacking, and more. Healthcare organizations are still playing catch-up against the current generation of cyber attacks, so unfortunately, I think it may get a little worse before it gets better. The challenge now is adapting knowledge from other industries—government, defense, financial—so healthcare can come to the cyber defense level it needs, in a cost-effective manner.

Ask your technology leaders how often they're detecting compromises in your organization. If the answer is never, you are blind to your actual cyber security posture. The idea of being able to see attacks, and being able to stop them— instead of building a high wall and blindly hoping nothing gets through—is the heart of an active defense, which is necessary to be successful in today's cyber environment.

Secondly, complying with regulations is important, but it's not a guarantee of success. Regulations are often a step behind the latest threats and cyber attacks, so your organization should consider going beyond the minimum regulatory requirements. You must carefully evaluate threat scenarios, your susceptibility to them, and invest to reduce the likelihood and impact of their occurrence.

Unfortunately there will be a shortage of cyber security professionals for a while as the future STEM-educated workforce strives to meet the current demand and the medical industry can be at a disadvantage for rare talent that demands top dollar. However, there are a few things in healthcare's favor. First, there are cyber professionals out there who will find great meaning in helping an industry navigate this challenge, and who are attracted to an industry in the business of helping people. Frankly, life and death can be at stake—and that can be exciting from a psychological perspective. Second, organizations are often resource-constrained, and they spend millions on cyber security yet still have an utterly ineffective defense. There is often not a strong correlation between money spent and effectiveness in cyber defense, and that's an opportunity and a challenge for health cyber professionals to be clever, savvy, and creative to solve some of these problems.

Leidos is focused on solutions, not just technology. We combine our understanding of cyber defenses required to fight advanced threats in the defense sector with a rich history in serving healthcare. Our cyber offerings fall into three major areas:

• Assessments, helping our customers assess their security posture with regard to regulations, best practices and peers;
• Operations, helping clients monitor and support their cybersecurity infrastructure;
• Incident Response, where we have teams standing by able to help customers address cyber incidents on very short notice.

The book provides a framework for organizing the policies, people, budgets and technologies of an enterprise-level cybersecurity operation. It also covers the art of a modern cyber defense—what are the major pieces you need to have in place to combat today's mainstream cyber threats? And finally, how to continuously improve your cyber position by engraining it into your organization's management and budget cycles. These are well-proven techniques we've used with our customers at Leidos, both in government and commercial sectors, and we are excited to be sharing them with the world.

For nearly 30 years, Leidos has helped customers across the healthcare spectrum prevent, diagnose, and treat illnesses, and today, it is developing next-generation solutions in areas such as biomedical research and health analytics to turn data into actionable information for clinicians and their patients.

Visit Leidos.com for more information.