Cybercriminals often work together to achieve their goals. Some healthcare IT professionals believe that their companies should collaborate as well.
Setting cybersecurity metrics and baselines for the industry is one area where healthcare IT leaders may be able to achieve this aim. Such metrics are currently unavailable, but CDW is collaborating with market leaders to develop them. Tom Stafford, CDW’s healthcare CTO, is leading a survey of IT leaders in the healthcare industry to learn more about how they evaluate their protection efforts.
“We want to use this data to build a dashboard that shows businesses where they stand in the healthcare industry,” Stafford explains. The project’s goal is to develop a common set of metrics and a baseline of where the industry stands by gathering survey data from healthcare IT leaders.
IT Executives Need Context for Their Security Initiatives
The survey’s aim, according to Stafford, is to give IT leaders a better understanding of how their protection efforts compare with the rest of the healthcare industry. For example, if an organization’s anti-phishing program aims to minimize the probability of users clicking on a suspicious link in an email, knowing that the click rate is 1% is useful. However, knowing that the industry average is 5% gives that number meaning: the company’s anti-phishing activities are more successful than the average.
Establishing this context has been difficult for many reasons, says Steve LeBlond, vice president of information services and COO of the IS division at Ochsner Health, which is collaborating with CDW on the survey. Cybersecurity as a discipline is still relatively new, according to LeBlond, who points out that only a few companies had a CISO role within their organizational structures just ten years ago.
Taking Measure in the Face of Security Threats
Any company should be aware of its position on a range of basic security metrics. The CDW survey will provide this perspective. IT executives who take the survey will report on measures such as the percentage of unknown devices logging on to their networks versus identified devices (a measure provided by many network access control solutions).
Other metrics tracked would include the total number of critical vulnerabilities found through penetration testing, the percentage of servers backed up in the last 24 hours, and the percentage of employees who have undergone security training. Organizations that take part in the survey will have access to the findings in great detail.