Lessons Learned From The Frontlines Of Cybersecurity

“When I started my

career, cybersecurity

didn't really exist...

it’s hard to get a virus

from using a punch

card.”

- Joe DeVenuto

www.myimagequest.com | info@myimagequest.com | 877.517.6915

June 2016

It seems like hardly a week goes by without news of yet another data breach

making national headlines. The severity of today’s advanced cyber attacks is

paramount and far more advanced compared to that of even ten years ago.

Understanding cyber attacks, your vulnerabilities, what they affect and what’s at

risk, is imperative to protecting yourself and your company against them. What

should you consider in regards to cybersecurity? Where do you start? Who is

responsible for managing your organization’s security measures, and are you

really at risk?

To help answer these questions and more Joe DeVenuto, Kindred Healthcare’s

Clinical Systems Development VP and cybersecurity veteran, agreed to sit down

with ImageQuest CEO, Milton Bartley, to discuss his experiences and lessons

learned from the frontlines of one of the most pressing technology topics of our

time, cybersecurity.

DeVenuto, currently the VP at Kindred Heathcare, the largest diversified provider

of post acute care services in the U.S., is an accomplished technology and IT

healthcare executive with more than 25 years of senior leadership experience.

Joe specializes in healthcare ecosystems, infrastructure, operations, technology,

and informatics and has a solid track record of managing large-sale IT security

operations. Here’s what he has to say about his journey from the frontlines of

cybersecurity.

Q: How has cybersecurity threats and counter-security changed over your

career?

A: “Well, when I started my career, cybersecurity and cyber attacks didn’t really

exist… It’s hard to get a virus from a punch card! Whereas today, it’s top of

mind, warrants a very serious conversation, and is something all decision-

making executives, regardless of their job function, must consider. 20 years

ago we weren’t sharing a lot of information online like we do today. The “bad

guys,” the ones hacking our networks are extremely diligent and

________________________

Joe DeVenuto VP, Clinical Systems

Development Kindred Healthcare

A: continuously finding new ways to hack. Security is

no longer an afterthought and business owners and

technology professionals must do their own due

diligence to ensure their networks are not exposed.

We’re constantly moving data around now, we’re

all at risk, and it’s imperative to understand, plan,

and document a plan to manage and protect your-

self and your information.”

Q: How does hardware standardization within an

organization aid in cybersecurity?

A: “Standardization creates repeatability and reduces

variability. If we can crack the nut on how to secure

one device, we can secure it for all devices. Simi-

larly, if we find a hole in the security on a device,

we can find a hole in every other device. The more

I can standardize, the more I can make sure I’m

protecting that entity and the organization. Every

option (device) you add to your network creates

complexity in support and complexity in protection,

and every new device is a whole new image and a

version I have to take care of. It’s a major

deviation. IT is one of the biggest expenses for

most companies. I have to be very respectful of the

responsibility I’ve been given to secure and protect

the organization; IT requires major discipline.”

Q: Most of our clients are small businesses with

fewer than 100 employees, and many don’t think

they are at risk of a cyber attack. How would you

respond to that?

A: “Even though headlines are made up of the big

name data breaches, it’s the small to medium sized

businesses that are the first to get hacked. The

majority of businesses in the United States are that

of small to medium size. Intellectually, it makes

sense that they would suffer the majority of cyber

attacks… they just aren’t the ones making the

headlines. In fact, 6.2 MILLION records were

hacked and exposed in the first quarter of 2016

alone and I can tell you that it’s the ‘Joe’s Pizza

Shacks’ of the world that think “it wont happen to

me” and don’t take the proper security measures to

protect themselves that fall victim. To a cyber hack-

er looking for holes and vulnerabilities in online net-

works, the small guys are considered easy targets

and low hanging fruit. The door is unlocked and

again, it’s not a matter of if, it’s a matter of when

and how bad.”

“Even though headlines

are made up of the big

name data breaches, it’s

the small to mid sized

businesses that are the

first to get hacked.”

- Joe DeVenuto

Photo Caption

www.myimagequest.com | info@myimagequest.com | 877.517.6915

Contact Us

Give us a call or email us

for more information

about our cybersecurity

services.

(877) 517-6915

info@myimagequest.com

Visit us on the web at

www.myimagequest.com

Q: How have the recent high profile data breaches affected what you do?

“Those recent headlines and high profile data breaches shed light on the topic.

It brings visibility to the seriousness of the issue and it means senior leadership

has to start asking questions. Again, it’s no longer a matter of if you’re going to

have a breach, it’s a matter of when, and how bad is it going to be? How do we

balance protection and security without hindering our employees’ ability to

work. And having a well thought out documented plan means that when it does

happen, you’re able to recover quickly with less downtown… it could mean

hundreds of thousands of dollars for every minute you’re down!”

Q: Why would a business want to create and test a cyber incident response

plan?

A: “Like everything else, you have to have a strategic plan that you and your

team can execute when an unexpected incident occurs. Being reactive to an

unexpected situation such as a cyberattack could further hinder your ability to

get back up and running as quickly as possible. And again, that downtime

could mean hundreds of thousands of dollars for every minute you’re down.

With a documented response plan, you have a clear cut outline of the

appropriate response that has been tested and thoroughly thought out. You

don’t want to be scrambling to figure out what to do after it happens, you need

to have a documented plan for WHEN – and it is a matter of when it happens

– vs reacting.”

From the frontlines of cybersecurity we’ve learned that protecting the lifeblood of

your organizations - your information - warrants a very serious conversation and

with good reason! We’re here to help you adhere to security best practices and

navigate the ever evolving landscape of cybersecurity.

www.myimagequest.com | info@myimagequest.com | 877.517.6915