View
50
Download
2
Category
Preview:
Citation preview
Lessons Learned From The Frontlines Of Cybersecurity
“When I started my
career, cybersecurity
didn't really exist...
it’s hard to get a virus
from using a punch
card.”
- Joe DeVenuto
www.myimagequest.com | info@myimagequest.com | 877.517.6915
June 2016
It seems like hardly a week goes by without news of yet another data breach
making national headlines. The severity of today’s advanced cyber attacks is
paramount and far more advanced compared to that of even ten years ago.
Understanding cyber attacks, your vulnerabilities, what they affect and what’s at
risk, is imperative to protecting yourself and your company against them. What
should you consider in regards to cybersecurity? Where do you start? Who is
responsible for managing your organization’s security measures, and are you
really at risk?
To help answer these questions and more Joe DeVenuto, Kindred Healthcare’s
Clinical Systems Development VP and cybersecurity veteran, agreed to sit down
with ImageQuest CEO, Milton Bartley, to discuss his experiences and lessons
learned from the frontlines of one of the most pressing technology topics of our
time, cybersecurity.
DeVenuto, currently the VP at Kindred Heathcare, the largest diversified provider
of post acute care services in the U.S., is an accomplished technology and IT
healthcare executive with more than 25 years of senior leadership experience.
Joe specializes in healthcare ecosystems, infrastructure, operations, technology,
and informatics and has a solid track record of managing large-sale IT security
operations. Here’s what he has to say about his journey from the frontlines of
cybersecurity.
Q: How has cybersecurity threats and counter-security changed over your
career?
A: “Well, when I started my career, cybersecurity and cyber attacks didn’t really
exist… It’s hard to get a virus from a punch card! Whereas today, it’s top of
mind, warrants a very serious conversation, and is something all decision-
making executives, regardless of their job function, must consider. 20 years
ago we weren’t sharing a lot of information online like we do today. The “bad
guys,” the ones hacking our networks are extremely diligent and
________________________
Joe DeVenuto VP, Clinical Systems
Development Kindred Healthcare
A: continuously finding new ways to hack. Security is
no longer an afterthought and business owners and
technology professionals must do their own due
diligence to ensure their networks are not exposed.
We’re constantly moving data around now, we’re
all at risk, and it’s imperative to understand, plan,
and document a plan to manage and protect your-
self and your information.”
Q: How does hardware standardization within an
organization aid in cybersecurity?
A: “Standardization creates repeatability and reduces
variability. If we can crack the nut on how to secure
one device, we can secure it for all devices. Simi-
larly, if we find a hole in the security on a device,
we can find a hole in every other device. The more
I can standardize, the more I can make sure I’m
protecting that entity and the organization. Every
option (device) you add to your network creates
complexity in support and complexity in protection,
and every new device is a whole new image and a
version I have to take care of. It’s a major
deviation. IT is one of the biggest expenses for
most companies. I have to be very respectful of the
responsibility I’ve been given to secure and protect
the organization; IT requires major discipline.”
Q: Most of our clients are small businesses with
fewer than 100 employees, and many don’t think
they are at risk of a cyber attack. How would you
respond to that?
A: “Even though headlines are made up of the big
name data breaches, it’s the small to medium sized
businesses that are the first to get hacked. The
majority of businesses in the United States are that
of small to medium size. Intellectually, it makes
sense that they would suffer the majority of cyber
attacks… they just aren’t the ones making the
headlines. In fact, 6.2 MILLION records were
hacked and exposed in the first quarter of 2016
alone and I can tell you that it’s the ‘Joe’s Pizza
Shacks’ of the world that think “it wont happen to
me” and don’t take the proper security measures to
protect themselves that fall victim. To a cyber hack-
er looking for holes and vulnerabilities in online net-
works, the small guys are considered easy targets
and low hanging fruit. The door is unlocked and
again, it’s not a matter of if, it’s a matter of when
and how bad.”
“Even though headlines
are made up of the big
name data breaches, it’s
the small to mid sized
businesses that are the
first to get hacked.”
- Joe DeVenuto
Photo Caption
www.myimagequest.com | info@myimagequest.com | 877.517.6915
Contact Us
Give us a call or email us
for more information
about our cybersecurity
services.
(877) 517-6915
info@myimagequest.com
Visit us on the web at
www.myimagequest.com
Q: How have the recent high profile data breaches affected what you do?
“Those recent headlines and high profile data breaches shed light on the topic.
It brings visibility to the seriousness of the issue and it means senior leadership
has to start asking questions. Again, it’s no longer a matter of if you’re going to
have a breach, it’s a matter of when, and how bad is it going to be? How do we
balance protection and security without hindering our employees’ ability to
work. And having a well thought out documented plan means that when it does
happen, you’re able to recover quickly with less downtown… it could mean
hundreds of thousands of dollars for every minute you’re down!”
Q: Why would a business want to create and test a cyber incident response
plan?
A: “Like everything else, you have to have a strategic plan that you and your
team can execute when an unexpected incident occurs. Being reactive to an
unexpected situation such as a cyberattack could further hinder your ability to
get back up and running as quickly as possible. And again, that downtime
could mean hundreds of thousands of dollars for every minute you’re down.
With a documented response plan, you have a clear cut outline of the
appropriate response that has been tested and thoroughly thought out. You
don’t want to be scrambling to figure out what to do after it happens, you need
to have a documented plan for WHEN – and it is a matter of when it happens
– vs reacting.”
From the frontlines of cybersecurity we’ve learned that protecting the lifeblood of
your organizations - your information - warrants a very serious conversation and
with good reason! We’re here to help you adhere to security best practices and
navigate the ever evolving landscape of cybersecurity.
www.myimagequest.com | info@myimagequest.com | 877.517.6915
Recommended