Companies no longer view cybersecurity as strictly a tech problem and see it more as a business risk, according to a Wall Street Journal report.
Health insurance provider Aetna is one such organization looking at privacy and security from a business-oriented point of view.
Aetna Chief Information Security Officer Jim Routh tells the WSJ that he looks at how the payer's ecosystem has changed every day and then creates a daily risk score, which he delivers to company execs.
"We're transparent about the risks to pretty much anyone inside the company because knowing the risk is the first step toward mitigating and managing that risk long term," he says.
Payers Premera and Anthem face intense scrutiny as a result of cyberattacks that compromised the personal information of millions of consumers across the United States. Those breaches put health insurance providers under the spotlight when it comes to security efforts.
Technology isn't the magic wand that can make cybersecurity problems go away, Kennet Westby, president of Coalfire Systems Inc., a cyber risk advisory firm, says in the article. Understanding risks throughout the business helps companies respond quickly to threats.
Aetna's security team works to mitigate issues by meeting daily to talk about the threats it faces. This is done simply, using a spreadsheet that looks at security controls within the payer, Routh says. The team then ranks every threat every day.
However, not every company has the time or resources to do what Aetna does every day. Many have similar meetings, but often just monthly, the article says.
When prioritizing security tasks, Robert M. Lee, a co-founder at industrial control systems security firm Dragos Security LLC, tells the WSJ, focus on the basics. These include deploying intrusion prevention systems, antivirus software and installing firewalls.
"I can have all the best threat intelligence in the world and figure out how to leverage it but if I have unpatched systems then I'm wasting my time," he says.
To learn more:
- read the Wall Street Journal post