Cybersecurity: Adapt to stay ahead

Q. In 30 years, we’ve never had a cyber incident. Why should we do anything different than what’s always worked? 

A. I get this touchy question a lot. There are good reasons why what you have today might be good enough. You may have a robust security and compliance program in place that you regularly review for weaknesses – great! Or, you may truly have no budget to make changes; if so, I strongly recommend figuring out how to make incremental improvements as soon and as often as possible. For everyone else: 

The only constant is change  

Bad guys heavily rely on unfixed vulnerabilities to gain access and wreak havoc. In effect, there is an eternal race between the bad guys using exploits and the good guys fixing them. But an exploit that remains unfixed and unprotected is a ticking timebomb.  

Work should be delegated to experts  

Just like you wouldn’t hire an admin to administer patient care, or a vice president to schedule appointments, it is important to rely on those who are sufficiently qualified and experienced to develop and manage a program that addresses evolving security concerns. Anything less would be negligent. 

Transfer risk  

A limited security program without professional oversight or proper insurance places all the risk on you. Identify risks and find ways to mitigate or transfer them through comprehensive protection, monitoring and insurance as a final stopgap. 

What if you lost everything? Think about the worst-case scenario. What if things end up worse than you could imagine and you lose everything? What would you be willing and able to pay to prevent that from happening? That’s a great starting point for a budget. According to Gartner, a typical health care IT budget is around 4.3% of revenue, including infrastructure, software costs and security stack. 

Tried and true doesn’t age well in cybersecurity. Evaluate and adapt to stay ahead. 

Jason Kirkhart is CEO at beetoobi. FMI: www.beetoobi.com.