State of Security: Expert Insights on Cybersecurity Operations and the Business of Cyber
Access Point Consulting
28 episodes
3 days ago

State of Security, by Access Point Consulting, brings together seasoned experts in the fields of security consulting, regulatory compliance, and security operations. Whether you’re a business leader, IT professional, or security enthusiast, this podcast offers valuable insights and actionable advice.

Learn more at accesspointconsulting.com.

Technology
All content for State of Security: Expert Insights on Cybersecurity Operations and the Business of Cyber is the property of Access Point Consulting and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Episodes (20/28)
SOS16 - Anthony Rivera (Access Point Consulting) | CIOs and CISOs on Balancing Innovation and Security


Note: This episode was recorded on October 31, 2024.

11 months ago
39 minutes 26 seconds

SOS15 - Robert Fernandes (The Investment Center) | Building a Security-First Workforce


11 months ago
39 minutes 18 seconds

SOS14 - Essentials of Vulnerability and Patch Management (with Katrina Xander)


11 months ago
25 minutes 29 seconds

SOS13 - Ransomware and Resilience: Preparing for the Inevitable


1 year ago
36 minutes 41 seconds

SOS12 - The Psychology of Phishing (with Clayton Smith)


1 year ago
31 minutes 35 seconds

SOS11 - Addressing Supply Chain Threats: It's a Kevin Bacon Problem (with Chris Poulin & Mike Caruso)


1 year ago
45 minutes 27 seconds

SOS10 - Understanding and Managing Supply Chain Risk (with Michael Caruso)

Takeaways

  • Identify and assess the risks associated with third-party vendors and suppliers
  • Build strong relationships with critical vendors and continuously monitor their security posture
  • Understand the risks associated with the third parties used by your own third parties
  • Use tools like BitSight and UpGuard for scanning and monitoring vulnerabilities
  • Have management support, clear roles and responsibilities, and a focus on security posture

Chapters

00:00 Introduction and the Importance of Identifying Third Parties

03:02 Defining Supply Chain Risk Management

09:44 The Risks of Shadow IT Vendors

13:28 Building Relationships with Critical Vendors

17:18 The Challenges of Fourth-Party Risk Management

20:09 Tools for Scanning and Monitoring Vulnerabilities

23:03 Key Recommendations for CISOs and CIOs

1 year ago
25 minutes 41 seconds

SOS9 - Applications for Cyber Threat Intelligence in SMBs (with Evie Manning & Michael Rush)

Summary

In this episode of State of Security, Geoff Hancock discusses cyber threat intelligence with guests Mike Rush and Evie Manning. They define cyber threat intelligence as data that is collected, processed, and analyzed to understand threat actors, their motives, targets, and behaviors. They emphasize the importance of making intelligence actionable and highlight the different levels of threat intelligence, from strategic trends to tactical actions. The guests also discuss the impact of cyber intelligence on supply chain security and how it can be used to proactively protect businesses. They stress the need for collaboration and communication between different cybersecurity disciplines and the importance of relevant and contextual data in cyber intelligence.

Takeaways

  • Cyber intelligence is data that is collected, processed, and analyzed to understand threat actors, their motives, targets, and behaviors.
  • Making intelligence actionable is key, as it allows organizations to make informed decisions and take proactive measures to resolve issues and prevent future attacks.
  • Cyber threat intelligence encompasses a broad range of information, from strategic trends to tactical actions, and helps organizations identify relevant threats and prioritize their security efforts.
  • Cyber intelligence plays a crucial role in supply chain security, as it helps organizations identify and mitigate risks in their supply chain and protect their customers.
  • Collaboration and communication between different cybersecurity disciplines, such as vulnerability management, incident response, and threat hunting, are essential for effective cyber intelligence.
  • Small and medium businesses can start building their cyber intelligence capabilities by conducting an internal assessment of their assets, risks, and vulnerabilities, and then seeking relevant and contextual data from trusted sources.

Chapters

00:00 Introduction to Cyber Intelligence

04:38 Different Levels of Threat Intelligence

07:28 Cyber Intelligence in the Context of Small and Medium Businesses

10:43 The Importance of Supply Chain Security

26:52 Building Cyber Intelligence Capabilities for Small and Medium Businesses

1 year ago
30 minutes 55 seconds

SOS8 - Building a Resilient GRC Program (with Rick Leib & Susan Woyton)

Summary

This episode focuses on governance, risk, and compliance (GRC) and how organizations can strengthen their GRC programs.

Key recommendations include:

  1. Ensure executive buy-in and support for GRC initiatives.
  2. Review and update policies, procedures, and documentation regularly.
  3. Implement continuous monitoring and improvement of GRC processes.
  4. Incorporate GRC elements into contracts with third parties.
  5. Conduct regular internal and third-party risk assessments.
  6. Provide security awareness training to employees.
  7. Consider the impact of AI on GRC, but maintain a human element in the process.

Chapters

00:00 Introduction

03:21 The Importance of Resilient GRC

08:33 Challenges and Failures in GRC

25:58 Executive Buy-In and Documentation

30:38 Continuous Monitoring and Improvement

35:24 Strengthening GRC Programs

1 year ago
36 minutes 51 seconds

SOS7 - [LIVE] How to Be Proactive About Operational Resilience and Incident Response (with Rick Leib & Jeff Ulanet)

Summary

During HIMSS24 in Orlando, Access Point highlighted the importance of operational resilience and incident response in healthcare. Led by Geoff Hancock, the session addressed the increase in data breaches and the need for proactive cyber resilience. Panelists emphasized the shift to proactive cybersecurity, the role of AI and machine learning, key elements of an incident response plan, and collaboration between teams. Executives were noted for their oversight during breaches, and the evolving role of the C-suite in prioritizing cyber resilience was emphasized. Effective communication to the C-suite and board of directors, along with balancing innovation with privacy and compliance, were also discussed.

Takeaways

  • Operational resilience and incident response are crucial in the healthcare industry due to the increasing number of data breaches.
  • A proactive approach to cybersecurity is necessary, with a focus on having a plan and being able to withstand and manage through an attack.
  • AI and machine learning play a role in cybersecurity, but there is a need for continuous testing and governance to prevent manipulation of outcomes.
  • Key elements of a healthcare organization's incident response plan include team collaboration, incident classification, detection and analysis tools, recovery and retention strategies, and involvement of executives.
  • Collaboration between the CISO, engineering, and IT teams is crucial for creating a strong security posture.
  • Executives in hospital administration play a role in providing oversight and managing through a breach.
  • The C-suite's understanding and prioritization of cyber resilience are evolving.
  • Budgeting and prioritization are important for implementing effective cybersecurity measures.
  • Effective communication and reporting to the C-suite and board of directors are essential.
  • Balancing the adoption of innovative technologies with patient privacy and regulatory compliance is a challenge.

Chapters

00:00 Introduction and the Need for Proactive Cyber Resilience

06:22 Understanding the Operational Side of Cyber Resilience

09:10 Key Elements of a Healthcare Organization's Incident Response Plan

24:27 Collaboration between CISO, Engineering, and IT for Strong Security

26:54 The Evolving Role of the C-Suite in Understanding Cyber Resilience

29:51 Budgeting and Prioritization for Effective Cybersecurity

33:13 Effective Communication and Reporting to the C-Suite and Board

36:08 Balancing Innovation and Patient Privacy in Healthcare

1 year ago
47 minutes 58 seconds

SOS6 - [LIVE] Interviewing Healthcare IT Leaders at HIMSS24 (with Mitchell Powell)

Summary

The principal themes in this conversation revolve around the importance of network vulnerability, data security, and the impact of emerging technologies in healthcare cybersecurity. The healthcare IT leaders we interviewed emphasize the need to find a balance between secure platforms and user-friendly environments. They also highlight the challenges of interfacing with external organizations and complying with government regulations. Other key topics include the integration of AI in healthcare, the importance of data protection, and the role of networking and Wi-Fi security. Overall, the conversation emphasizes the critical role of cybersecurity in maintaining patient confidence and protecting sensitive healthcare data.


Takeaways

  • Network vulnerability is a significant concern in healthcare cybersecurity.
  • Finding a balance between secure platforms and user-friendly environments is crucial.
  • Interfacing with external organizations and complying with government regulations are ongoing challenges.
  • The integration of AI in healthcare requires careful consideration of data protection.
  • Networking and Wi-Fi security play a vital role in maintaining cybersecurity.
  • Data security is essential to maintain patient confidence and protect sensitive healthcare information.


Chapters

00:00 Introduction

06:31 Balancing Security and User-Friendly Environments

11:31 Challenges of Interfacing with External Organizations

12:48 The Role of AI in Healthcare and Data Protection

13:43 Networking and Wi-Fi Security

1 year ago
14 minutes 12 seconds

SOS5 - Practical Insights on Incident Response (with Brian Weidner & Chris Skinner)

Summary

In this conversation, Geoff Hancock interviews Brian Weidner and Chris Skinner about incident response. They discuss the importance of building strong relationships with the C-suite and legal department, as well as the value of having a trusted incident response company on retainer. They also touch on the challenges of incident response in the critical infrastructure sector and the potential impact of new reporting requirements proposed by DHS. The conversation explores the recently released NIST incident response document and the need for organizations to tailor their incident response plans to their specific needs. The guests emphasize the importance of preparation, communication, and continuous improvement in incident response.


Takeaways

  • Building strong relationships with the C-suite and legal department is crucial for effective incident response.
  • Having a trusted incident response company on retainer can streamline the response process.
  • New reporting requirements proposed by DHS may add additional burden to organizations already dealing with regulatory reporting.
  • The recently released NIST incident response document provides valuable guidance for organizations, but it should be tailored to each organization's specific needs.
  • Preparation, communication, and continuous improvement are key elements of successful incident response.


Chapters

00:00 Introduction and Importance of Relationships

19:08 New Reporting Requirements and Collaboration with Government Agencies

32:24 The Value of the NIST Incident Response Document

1 year ago
43 minutes 9 seconds

SOS4 - A CISO's Guide to Effective Communication

Summary

Geoff Hancock joined Allan Alford on The Cyber Ranch Podcast to discuss effective communication strategies for CISOs. They emphasize the importance of prioritizing clarity in communication, using strategic storytelling, and practicing crisis communication. They also highlight the significance of engaging stakeholders proactively, leveraging data in decision-making, and bolstering leadership presence. Additionally, they discuss the value of emphasizing followership and establishing a feedback loop. The conversation concludes with a discussion on using tools and strategies for effective communication, such as the NIST Cybersecurity Framework and the concept of a management operating system.

Chapters

00:00 Introduction

03:51 Strategic storytelling

08:25 Crisis communication

11:42 Engaging stakeholders proactively

13:37 Leveraging data in decision-making

16:28 Bolstering leadership presence

25:34 Establishing a feedback loop

31:24 Using tools and strategies for effective communication

1 year ago
36 minutes 36 seconds

SOS3 - Fortifying Healthcare Against Ransomware: Strategies for Resilience and Response

Summary

This conversation explores the impact of ransomware on the healthcare industry and the importance of cyber resiliency. It discusses the resilience of cybercriminals and the need for organizations to be proactive in their approach to cybersecurity. The conversation also highlights the threats and vulnerabilities faced by healthcare organizations and the role of AI in cybersecurity. It emphasizes the importance of building operational resilience and implementing basic cybersecurity practices. Finally, it addresses the fallout and cost of ransomware attacks in the healthcare sector.

Takeaways

  • Healthcare organizations are a prime target for ransomware attacks due to their reliance on outdated systems and high turnover rates.
  • Cybercriminals are resilient and quickly bounce back from takedowns, highlighting the need for organizations to prioritize cyber resiliency.
  • Building resilience in healthcare organizations requires a focus on securing electronic health records, implementing strong email security measures, and conducting regular vulnerability management.
  • AI can play a role in enhancing malware detection and anomaly detection, but organizations must also focus on the basics of cybersecurity and resilience.
  • Operational resilience is critical in healthcare organizations, and it involves having backup plans, disaster recovery strategies, and effective incident management processes in place.
  • Implementing basic cybersecurity practices, such as access controls and network segmentation, is essential for protecting healthcare organizations from ransomware attacks.
  • The fallout and cost of ransomware attacks in the healthcare sector can be significant, highlighting the need for organizations to invest in cybersecurity and resilience measures.

Chapters

00:00 Introduction and Overview

01:23 Ransomware in the Healthcare Industry

06:04 The Resilience of Cybercriminals

08:33 Targeting Healthcare Organizations

09:25 Challenges in Healthcare Security

11:45 The Impact of the Pandemic on Healthcare Security

12:53 Security Risks of Telehealth

14:47 The Ripple Effect of Ransomware Attacks

15:44 Building Resilience in Healthcare Organizations

19:23 Third-Party and Supply Chain Risks

20:49 Legacy Systems and Access Controls

25:35 The Role of AI in Healthcare Security

29:24 The Need for Operational Resilience

31:43 The Role of AI in Security

34:08 The Importance of Basics and Preparedness

37:46 Final Thoughts and Recommendations

1 year ago
38 minutes 54 seconds

SOS2 - Redefining Healthcare Security: A Zero Trust Blueprint

Summary

In this episode, Rick Leib, Field CISO for Access Point Consulting, discusses the challenges and strategies for cybersecurity in healthcare organizations. He emphasizes the need for healthcare organizations to stop relying solely on perimeter security and to hire executives who can effectively sell security to the board and senior executive staff. Rick also highlights the importance of addressing legacy systems, managing medical devices securely, engaging third-party providers, and investing in information security. He recommends conducting risk assessments, practicing tabletop exercises, and involving executives in the security program. Additionally, Rick suggests considering the role of a virtual CISO to provide guidance and expertise.

Takeaways

  • Healthcare organizations should stop relying solely on perimeter security and invest in a multi-layered security approach.
  • Hiring executives who can effectively sell security to the board and senior executive staff is crucial for healthcare organizations.
  • Addressing legacy systems and managing medical devices securely are key challenges in healthcare cybersecurity.
  • Engaging third-party providers requires a thorough third-party risk management system.
  • Investing in information security, practicing tabletop exercises, and reinforcing the basics are essential for healthcare organizations.
  • Involving executives in the security program and considering the role of a virtual CISO can greatly enhance cybersecurity in healthcare organizations.

Chapters

00:00 Introduction

01:20 Challenges in cybersecurity for healthcare organizations

05:58 Managing medical devices in a secure way

07:50 Engaging third-party providers in healthcare

10:39 Importance of employee training in healthcare organizations

12:34 Ransomware and the need for proactive security operations

14:02 Securing medical devices through micro-segmentation

20:16 The importance of risk assessments and incident response plans

23:36 Investing in information security and practicing tabletop exercises

29:15 Reinforcing the basics and involving executives in security

32:06 The role of a virtual CISO in healthcare organizations

33:03 Conclusion and call to action

1 year ago
33 minutes 30 seconds

SOS1 - Navigating Cybersecurity Challenges in Healthcare: Strategies for 2024

Summary

In this conversation, Geoff Hancock, Global CISO and Deputy CEO for Access Point Consulting, speaks with Rick Leib, Access Point’s Field CISO, discussing the importance of cybersecurity in healthcare organizations. They highlight the prevalence of ransomware attacks in the healthcare industry and the need for improved malware defenses and patch management.

Rick emphasizes the importance of separating IT and security departments and implementing a zero trust model. He also discusses the role of MSSPs in healthcare organizations and provides recommendations for 2024, including increasing malware resilience and security staffing. The conversation concludes with key takeaways, such as the need for executive commitment, talent and skills, prioritizing protection, and preparedness.


Takeaways

  • Ransomware attacks are a significant threat to healthcare organizations, and improving malware defenses and patch management is crucial.
  • Separating IT and security departments is essential to ensure proper focus on information security and compliance.
  • Implementing a zero trust model can enhance cybersecurity in healthcare organizations.
  • Engaging with MSSPs can provide expertise and guidance in managing cybersecurity risks.


Chapters

00:00 Introduction and the Need for Cybersecurity in Healthcare

01:08 Ransomware Attacks in Healthcare

03:21 Separating IT and Security Departments

04:51 Building Cyber Resilience in Healthcare Organizations

05:50 The Importance of Encryption and Third-Party Risk Management

08:40 Implementing a Zero Trust Model

10:35 Key Performance Indicators and Key Risk Indicators

11:30 Recommendations for 2024: Increasing Malware Resilience and Security Staffing

13:52 The Role of MSSPs in Healthcare Organizations

21:34 The Dangers of Focusing Solely on Compliance

23:29 Key Takeaways: Executive Commitment, Talent and Skills, Prioritizing Protection, and Preparedness


Learn more at accesspointconsulting.com.

1 year ago
28 minutes 53 seconds

Welcome to State of Security


1 year ago
52 seconds

VCHH11 - [LIVE] The Scary Truth About Data Privacy

Summary

The conversation focuses on privacy and how to protect personal and corporate data. The speakers discuss core principles for safeguarding customer and employee data, including data minimization, secure coding practices, and continuous testing of controls. They emphasize the importance of communication with the board and legal teams, as well as the need for data retention and disposition schedules. The conversation also covers privacy training for software developers and IT professionals, as well as contractual obligations for vendors regarding data privacy. The speakers highlight the need for a national privacy standard in the US. The conversation covers various aspects of privacy, including data deletion and obfuscation, mobile device management and privacy, the effectiveness of privacy controls, future trends in privacy, and the importance of policies and training.

Takeaways

  • Establish a process for regular data inventory and minimization to only keep business-critical information.
  • Implement secure coding practices and testing to ensure the security of software and applications.
  • Continuously test and validate controls to ensure they are operating effectively.
  • Communicate privacy and security effectively to the board and ensure they understand the business risks.
  • Automate data classification and protection processes to improve efficiency and accuracy.
  • Develop data retention and disposition schedules to manage data throughout its lifecycle.
  • Provide privacy training for software developers and IT professionals to ensure they understand data privacy regulations and best practices.
  • Include contractual obligations for vendors regarding data privacy and ownership.
  • Offer options for users to revoke consent and request data deletion to comply with privacy regulations.
  • Organizations should be transparent about the data they collect and have a well-defined and legally compliant procedure for data deletion or obfuscation upon request.
  • Mobile device management should consider whether the device is employee-owned or corporate-owned and implement controls to protect sensitive data.
  • Privacy controls should be regularly evaluated and proven effective to mitigate business risks.
  • Future trends in privacy include increased litigation, attestations, and certification requirements.
  • Policies and training are crucial for ensuring privacy practices and procedures are followed and understood by employees.

Chapters

00:00 Introduction and Overview

03:05 Core Principles for Protecting Customer and Employee Data

05:48 Real-World Examples of Implementing Privacy Controls

10:03 Implementing Secure Coding Practices and Testing

12:52 Continuous Testing and Validation of Controls

16:35 Communicating Privacy and Security to the Board

19:22 Automation for Data Classification and Protection

22:31 Data Minimization Strategies

25:18 Micro Training for DLP Policy Triggers

27:34 Working with Legal and CFOs

31:16 Data Retention and Disposition Schedules

34:28 Privacy Training for Software Developers and IT Professionals

36:25 Contractual Obligations for Vendors Regarding Data Privacy

40:18 Options for Revoking Consent and Data Deletion

48:07 Data Deletion and Obfuscation

52:12 Mobile Device Management and Privacy

58:01 Effectiveness of Privacy Controls

58:52 Future Trends in Privacy

01:01:18 Importance of Policies and Training

1 year ago
1 hour 2 seconds

VCHH10 - Recognize and Report Phishing

In this episode of the Virtual CISO Happy Hour, we explore the world of phishing threats and the best practices to recognize and report them. Our panel of cybersecurity experts discusses:

  • The significance of user awareness and training in combating phishing threats.
  • The role of email security through DNS, including an in-depth look at DMARC, SPF, and DKIM.
  • The importance of limiting privileges, especially in fast-paced organizations, to reduce the attack surface.
  • The criticality of software updates, both on workstations and servers, to ensure the latest security measures are in place.
  • The emerging challenges posed by AI and large language models in crafting sophisticated phishing emails.


Listen in as we emphasize the importance of user education as the last line of defense, and often the most effective, against phishing attacks.

2 years ago
38 minutes 2 seconds

VCHH9 - Cyber Hygiene 101

Summary

The conversation focuses on the importance of cyber hygiene and basic security practices. The panelists discuss the need for organizations to prioritize cyber hygiene and ensure that basic security measures, such as patch management, password hygiene, and access control, are in place. They emphasize the role of both organizational and personal behavior in maintaining cyber hygiene. The panelists also highlight the significance of managing third-party and supply chain relationships in cyber hygiene. They stress the importance of asset management and monitoring in maintaining cyber hygiene. The conversation concludes with a discussion on the role of compliance audits and the need for improvements in security and cyber hygiene practices.

Takeaways

  • Cyber hygiene is essential for organizations to protect against basic attacks and prevent breaches.
  • Basic security practices, such as patch management, password hygiene, and access control, should be prioritized.
  • Managing third-party and supply chain relationships is crucial for maintaining cyber hygiene.
  • Asset management and monitoring play a significant role in cyber hygiene.
  • Regular assessment and training are essential for maintaining cyber hygiene.

Chapters

00:00 Introduction and Panelist Introductions

02:06 Importance of Cyber Hygiene and Basic Security Practices

05:26 Cyber Hygiene Program and Safeguards

08:16 Insider Threat and Importance of Managing Service Accounts

10:10 Cyber Hygiene in Third-Party and Supply Chain Relationships

13:32 Asset Management and Monitoring in Cyber Hygiene

24:05 The Role of Compliance Audits in Cyber Hygiene

30:17 Improvements in Security and Cyber Hygiene

35:30 Leveraging Personnel and Monitoring in Cyber Hygiene

38:26 Importance of Regular Assessment and Training in Cyber Hygiene

2 years ago
39 minutes 1 second