A report from CDW, a technology and service provider, showed how recent trends, including staff shortages, are impacting cybersecurity in healthcare.
The Big Picture
CDW surveyed over 950 technology and security professionals across multiple industries in the United States earlier this year. The results covered a variety of topics, from funding to training and readiness.
One of the biggest takeaways? Many industries are facing profound challenges in cybersecurity, and healthcare is no different. Vice president of security for CDW, Stephanie Hagopian, said, “There is a really powerful message that comes out of the research, that there’s a ton of commonality in terms of what organizations are facing, regardless of industry or size.”
Hagopian emphasized the importance of keeping cybersecurity at the forefront of industry discussions and remaining open to new initiatives for better outcomes.
“We’re seeing novel attacks such as those from Volt Typhoon actors right now against critical infrastructure targets…Those not only represent a whole new challenge generally, but what we’re finding is that these attacks are incredibly difficult to detect,” shared Buck Bell from CDW’s Global Security Strategy Office.
The report ultimately highlighted the current strengths and challenges in cybersecurity and what industry professionals should do next.
Current Challenges and Strengths
While cybersecurity has greatly progressed over the years, with updated standards for security and more tools than ever, some issues remain pervasive in the field.
Funding
Many organizations cited budgetary limitations as a challenge. 27% of professionals said more resources are needed to improve security. To help combat this issue, many believe that stakeholders should be aware of the costs of data breaches.
A 2023 report showed the average cost of a data breach is $4.45 million, but for healthcare, the cost skyrockets to an average of $10.93 million. While many organizations are hesitant to invest in cybersecurity, in reality, it´s far more expensive to not allocate necessary resources for data security.
Training
Outside of funding, training is also a challenge for many organizations. CDW´s report found that 31% of respondents believe current training is either insufficient or ineffective. Hagopian shared, “Developing your workforce is really essential so that your team is better equipped to handle the dynamic threat landscape.”
Adding to the complexity is the number of tools available. The report found that 68% percent of organizations operate between 10 and 49 security tools and/or platforms. These various tools can be difficult for professionals to keep up with, especially if their significance is unclear.
The cloud especially presents many advantages, but only if used correctly–otherwise it can present new challenges and become more costly.
CDW expressed that automation can be a helpful strategy, but training remains a critical component.
Training is also helpful in retaining cybersecurity staff; 77% of respondents said certification and educational opportunities helped keep qualified staff. Despite the benefits, Cloudticity finds that trainings and certifications can be expensive.
Staff Shortages
The last major challenge currently faced is staffing shortages of skilled cybersecurity professionals. Approximately 25% of respondents believe their teams are understaffed or severely understaffed.
45% of respondents shared that the majority of their stress is caused by a lack of staff. “Staffing issues tend to be pervasive, and automation is definitely an effective way to contend with those challenges,” said Hagopian.
Increased Readiness
While there are challenges organizations will need to overcome, overall the report found an increase in readiness. 32% of respondents stated they felt “very prepared” while 49% felt “somewhat prepared.” Only 10% said they were currently unprepared.
CDW shared that the increase is likely due to heightened awareness surrounding cybersecurity.
What Organizations Can Do
As organizations, particularly in the healthcare sector, prepare for evolving trends, there are steps every organization can consider.
Outsource Tasks
Many organizations are or have considered outsourcing certain tasks. 36.1% outsource security training, while nearly 27% utilize managed security services.
CDW experts say this is a great option. In healthcare, organizations are ultimately aiming to provide quality care, yet because of the critical nature of the data they host, they are forced to pay significant attention to cybersecurity. By outsourcing cybersecurity, these organizations can focus on mission-critical work.
Read Next: Seven Reasons to Consider Managed Security Services for Healthcare (blog)
Increase Visibility
According to CDW’s research, visibility in an organization’s cybersecurity is crucial, helping organizations understand their potential vulnerabilities and any unused capabilities. Many companies have taken note and are improving visibility; approximately 50% of respondents were somewhat confident in their visibility.
Buck Bell highlighted the importance for every organization to improve visibility, “When you look at identity and access management, it enables you to control access using things such as traditional credentials and multifactor authentication.”
Enhance Security
Many organizations feel confident about their security tools, although there is persistent difficulty in integrating them and ensuring staff are adequately trained. Nevertheless, a number of organizations employ network security, data security, and encryption.
Experts believe that for many organizations, a breach or threat is likely. “Organizations need to operate under the assumption that they’ll be breached at one point or another,” said Bell.
Part of this is the push for zero trust, an approach that requires all users to be authenticated and requires continuous validation for individuals to be granted access to applications and data. Over 41% of respondents said they were in an advanced stage of zero-trust implementation. While this is excellent progress, organizations should strive for 100% implementation.
How Cloudticity Can Help
Cloudticity has been a leader in managed security for healthcare for over a decade, utilizing a proven security tech stack of the best services and tools. It’s time-tested too; Cloudticity has never experienced a data breach.
Cloudticity is specifically designed to help alleviate modern cybersecurity concerns. We recognize that the cloud has rapidly grown in popularity and there are rarely enough experts to fill the demand for jobs. Training and hiring internally is time-consuming and costly, but Cloudticity offers a simple solution to ensure you have the best experts working to keep your cloud safe.
With increasing data breaches and ever-evolving trends, it’s more important now than ever for companies to be diligent. Breaches now cost millions per event, and can lead to lawsuits, loss of reputation, and downed operations.
Learn more about how Cloudticity’s Managed Security for Healthcare can help you address cybersecurity trends. Reach out today for a free consultation.