Some excerpts from the conversation:
Sharing is a very cost-effective way to be able to mitigate against threats. It’s a great way to learn what’s out there, what others are doing and how to protect yourself.
Past focus has been on compliance and privacy. The new focus should be on operations and being able to deliver healthcare, which entails preparing for cybersecurity. For ex, during WannaCry, surgeries needed to be canceled because the imagery could not be accessed.
It’s not just about data anymore; it’s about people’s lives and the H-ISAC community is doing something to help.
H-ISAC is growing at a rapid pace. People are coming to us saying, “We want to join; what do we need to do?”
There is a change happening in the role risk plays in the organization. The CISO and cybersecurity teams are being moved underneath the Risk Officer.
Being able to evaluate the risk an organization has is absolutely key. We are changing our conversations from the word “cybersecurity” to “enterprise risk management.”
The biggest attacks this year have all been the result of third parties. Understanding third parties and the risk they impose is absolutely imperative.
Bottom line: There will always be attacks and they are always evolving. Organizations need to instill cybersecurity best practices, basic cyber hygiene and educate employees. Make sure you have the funding and infrastructure for situational awareness – which can come from information sharing – to help shore up your organization to make sure you’re doing the basic actions to help protect.