“Please be very careful this morning with anything unusual you receive. My mailbox is receiving hundreds of notifications of sexploitation emails we are blocking, and I have also seen other phishing emails. My phone is beeping about every two to three seconds with notifications. I have never seen anything like this. With the significant geopolitical tension in Taiwan this morning, there are other reports on the media about cyber-attacks in progress in Taiwan, and they may be expanding. The messages we are blocking this morning are from worldwide, so they are bot-driven. Please be extra vigilant. Thank you for practicing safe computing.”
This is an excerpt from an actual email.
Every day thousands of email deliveries like this happen in the healthcare industry.
Microsoft, Crowdstrike, Z-Scaler, Palo-Alto, Tanium, Proofpoint, Absolute, and many others make up an enterprise Health IT security portfolio, all chosen to provide a robust solution to a specific security need. Email security (see above), endpoint hardening, and many acronyms [MDR, SIEM, VPN, DLP, CPSM, CIAM, etc.] are all critical to enforcing your cybersecurity posture. As the head of IT security, it's not inappropriate to say that if one fails, you fail. The result of such a failure can be devastating to an organization. The pillars of ‘Confidentiality,’ ‘Integrity,’ ‘Availability,’ and ‘Safety,’ as defined by Chris Moschovitis, are all at risk.
You’ve made your selections, often after an arduous and rigorous selection process, and now you have the platforms that collectively ‘should’ provide a bullet-proof security posture that your Board can approve of. After all, they figuratively sign the checks.
Security architecture design is done, vendors are chosen to enable that design, and now it’s all about execution. How do you take the design and supporting technologies and make them functioning, adaptable, well-governed security environments appropriate for your needs?
A key area of risk in your complex, multi-vendor world is ensuring that the individual function of each vendor’s platform is implemented in such a way as to not negatively impact other solutions or, where possible, to enhance said solutions. How does your case management solution interact with your DLP, for example? Architecture should address these interactions. But as good as it can be on paper, the implementation of security architecture is critical.
An agile project manager steeped in Health IT security becomes the next and most critical step in your governance process. They are charged with bringing your environment to life and “quarterbacking” the vendors to drive to the desired end-state. They create a high-performance environment of accountability, collaboration, and a customer-first mentality. It’s equal parts art and science and incredibly powerful when done right.
Moschovitis’ four pillars, or your equivalent, are at the forefront of every decision our Project Manager makes. This being top of mind ensures that those disciplines become ingrained in all the technology partners they have been charged with managing. This is how you get a high-functioning delivery team where success is the only possible result.
Many project managers can be chosen, but few can succeed at the level required to instill a collective feeling of “job security” in the ever-changing critical world of cyber.
Wishing you secure sleep.