H-ISAC’s 2018 Fall Summit: Musings from the air…

I am currently at 30,000 feet on my way to the H-ISAC Fall Summit in San Antonio and considering what this week will bring. Joining me on the plane leaving Newark Airport are several large pharmaceutical and healthcare CISOs whom all share a similar goal – to ensure the security and privacy of the community and their individual organizations. While each has significant resources dedicated to IT security, the theme of the H-ISAC event is very timely: Never Stand Alone. While simple, I believe this is a profound theme. It is only through a community that we can solve important and challenging security problems.

We find ourselves at a very difficult period in our cyber history. We see breaches continuing to plague the healthcare industry. Organizations of every size are attempting to deal with new adversaries both internal and external, including increased complexity from technology architectures enhanced with AI and Blockchain. Couple this with a shortage of cybersecurity professionals and stagnant budgets, and it becomes clear that a new model is necessary. These challenges will only continue to accelerate; we need to be more aggressive about solving this from a community perspective. We need to enlist the rest of the team. We talk about community and then have security events without senior business leaders and company representatives. I would love to see some CEOs, directors, legal representatives, contract managers, and others at these events moving forward. Perhaps a daily community security briefing for leaders developed by the leaders in the community. With the help of the rest of the community (including management and individual contributors), progress can be made.

In addition to the standard cybersecurity challenges, we are also facing several economic and geopolitical risks that will put additional pressure on security organizations. The current international discourse will likely make it harder to get information from trading partners across the globe as they look at tariffs and other protections for local/national providers as risks to their business. We need to figure out how to break through these potential roadblocks using the community as a model for sharing cybersecurity information and training. I hope and expect that some of the newest cyber regulations over the last several weeks will have a strong positive impact here as well.

It often feels like we are playing whack-a-mole as new risks create new requirements on the business and its partners. As such, third party risk continues to be a major discussion at the H-ISAC Summit and other conferences around the globe. Prevalent’s Healthcare Vendor Network (HVN) is growing to meet these demands. I am excited to speak with HVN members and board members who help steer the network. We are continuing to streamline the content, process, and technology with the TPRM Steering Committee to make this better for the entire community. Thanks to everyone involved! I am also excited to hear Prevalent’s Brenda Ferraro present a Use Case with Pfizer on solving Third Party Risk.

Looking forward to a great event with the entire H-ISAC team. Will let you know how it went on the flight back…