With the emergence of even more dangerous threats such as ransomware/wiperware, state-sponsored hackers, and large-scale data breaches, it now takes a coordinated organizational effort to address cybersecurity. This needs to be addressed as a business problem, not as a technical problem. Many of the large-scale data breaches and ransomware rely upon operational deficiencies, not technical skill, to be effective. We need to evolve and present a different picture to the organization to band together to address these issues. Setting expectations and developing a set of core processes and procedures to address these issues, along with a training and communication plan, will bring organizations forward and enable them to continually assess, address, and mitigate risk.
Mitchell Parker, CISSP, is the Executive Director, Information Security and Compliance, at IU Health in Indianapolis, Indiana. Mitch is currently working on redeveloping the Information Security program at IU Health, and regularly works with multiple non-technology stakeholders to improve it. He also speaks regularly at multiple conferences and workshops, including HIMSS, IEEE TechIgnite, and Internet of Medical Things. Mitch has a Bachelor's degree in Computer Science from Bloomsburg University, a MS in Information Technology Leadership from LaSalle University, and his MBA from Temple University.