62 minutes.
That’s the average amount of time it takes for threat actors to “fully get a foothold” into a system and gain access to data, according to Steven Ramirez. “You basically have an hour.”
For an integrated health network like Renown Health – or any healthcare organization, for that matter – it’s not a lot of time. That’s the challenge facing cybersecurity leaders; meeting it, as we’re learning, requires not just sophisticated tools and methods, but also a bit of storytelling.
“You can never let your guard down,” he said. “We need to keep that methodology to adhere to our structure, mission and values, and our strategic plan. This is where we’re going, and cyber is an imperative to support all of that.”
For CISOs, or CISTOs (Chief Information Security & Technology Officers) as in his case, it has become increasingly vital to be able to communicate the importance of continuously investing in cybersecurity initiatives. During a recent Unhack the Podcast episode, Ramirez spoke about his approach to selling cyber, and the multilayered, rapidly evolving strategy Renown is leveraging to secure data.
The ultimate goal is simple, relatively speaking: “Keeping us out of the papers,” he said. “From an ROI perspective, it’s been fairly easy to justify the why. Our executives know that this threat isn’t going away,” and can provide the support needed to deliver on their mission.
What has also been critical is his solid relationship with CIO Chuck Podesta, who has consistently “championed” cybersecurity by serving on committees with Ramirez and presenting to the Board.
“He’s very security focused, which makes my job easier,” he noted. “Our thought process is to show the big picture of where we are from a maturity standpoint and where we’re going over the next three years.”
One of the pillars of that three-year strategy is identity threat detection and response. “The more you can do on the endpoint before they get to our crown jewels, the better,” Ramirez said. However, it isn’t always feasible to keep attackers outside the perimeter, which is where deception technology can play a key role by diverting bad actors. “It’s like throwing a few $20 bills outside the bank to slow them down before they get in,” he said. “It’s a very underutilized technology,” and one that can buy extra minutes. “Because again, time is of the essence. So you really need that layered defense.”
It also takes some of the heat off his team, who are often bogged down with day-to-day responsibilities. “We think AI can do some great stuff here,” along with telemetry monitoring and other cutting-edge tools that can help Renown live up to the mantra of ‘prepare, fortify, combat,’ he added. “That’s how we’re going to tackle a lot of the core fundamentals of security.”
Another one of those fundamentals is response, which has become increasingly critical given the uptick in cyberincidents in recent years. “No matter how good your ‘secret sauce,’ no organization is bulletproof,” Ramirez said. To that end, Renown is looking at Privileged Access Management and Zero Trust solutions to help prevent – or at least, significantly reduce – unauthorized access to data and services. “We’re putting in some pretty cool technology that’s going to help operationalize our approach.”
Another key part of that strategy? Empowering the security operations center (SOC) to not just identify potential breaches, but act on them. “The idea is, instead of my SOC manager telling me something is going on, let’s just kill that activity,” he said. “If you see it, take care of it, and then we’ll regroup.”
When it comes to response and resiliency, Ramirez believes Renown – as well as the entire industry – is merely “scratching the surface” in terms of how technology can be leveraged to create safer environments. As more metrics are created and placed into dashboards, teams will have access to more and better information.
“There’s a lot of information we can get from endpoint detection and response systems,” noted Ramirez. “We’re making good investments in technologies like threat intelligence – how can we boil that down to make sense for dark web monitoring, compliance, risk management, and the resiliency piece?”
It’s a question his team will continue to focus on in the months (and years) ahead. “I think we’ve done a great job in vulnerability management, but there’s more to be done.”