Healthcare Security Professionals Have Reduced Confidence in Assessing IT Risks
Healthcare security professionals are finding their ability to assess IT security risks is lower now than ever before. This is one of the reasons the healthcare industry received an overall “D” grade on its 2017 Global Cybersecurity Assurance Report Card, conducted by network security firm Tenable.
As cybercriminals become more sophisticated, and increasingly target the health are industry, healthcare security professionals need to find ways to assess and mitigate cyber risks in order to protect information assets. But the report shows participants scored only 61 percent on the risk-assessment index — a 12-percent decrease from 2016.
The Tenable report gave the healthcare industry a failing grade of “F” in assessing risk in the following areas: DevOps environments, containerization platforms and mobile devices.
“A notable concern includes failing grades in risk assessment scores for containerization platforms (52 percent), DevOps environments (57 percent) and mobile devices (57 percent),” according to Tenable’s report. “This can be explained, in part, by the accelerated adoption of cloud and mobile computing, combined with the emergence of DevOps and containers that increase the complexity and decentralization of enterprise IT,” the report added. “Together, these advances make it more difficult for security teams to see everything on their networks and accurately assess cyber risks.”
Despite failing grades in specific facets of healthcare security, the healthcare industry does receive some passing grades. Tenable gave a grade of “B-” in the following areas: conveying risks to executives and board members, measuring security effectiveness and viewing network risks continuously.
Tenable also found that emerging technologies pose as a weak spot not only in healthcare security, but across all industries, the source noted. Moreover, based on Tenable’s report, respondents from around the world rank risk assessment for cloud and mobile as the top enterprise security weaknesses.