The expansion of the Internet and availability of information online has led to an equivalent expansion in cyber crime, or cyber terrorism. In fact, in 2013 the Office of Cyber Security and Information Assurance reported that “93% of large corporations and 87% of small business reported some form of cyber breach in 2012” (Brewer, 2014). Also, President Obama labeled cyberthreats as an incredibly serious economic and national security challenge (Artlisch and Edelman, 2014).
Cyber crime is an arduous problem to solve given the dynamics of cyber space. Even though cyber security and culture began to take form around the same time as cyber crime, cyber crime is advancing much more quickly, which creates a multitude of problems: as cyber space expands, it creates more open areas for cyber criminals to penetrate (Spaleivc, 2014). Currently, the idea of “cyberterrorism” is one that the healthcare sector fails to understand (Harries and Yellowlees, 2013).
However, healthcare presents itself as a prime target for attacks. In the United States alone, the industry accounted for 17% of GDP in 2009, or $2.5 trillion, and the distribution and use of information systems is extensive (Harries and Yellowlees, 2013). In studies by the Ponemon Institute in 2012 and 2013, 90% of healthcare organizations saw their patients' data exposed or stolen in some form (Conn, 2015).
This report serves to examine the challenges of generating resilient cyber security strategies and to provide recommendations for how major healthcare corporations can effectively mitigate cyber attacks and keep their information safe.
Problems with Cyber Security in Healthcare
Lack of Information about Cyber Security
Analysts recognize a system's susceptibility to security breaches and managers can identify the prospective implications of a cyber attack, but not much methodology exists to quantify both indirect and direct costs (Pfleeger and Rue, 2008). Also, because cyber security challenges are extremely technical in nature, companies often possess personnel who lack the proficiency to simultaneously monitor the security system and comprehend it (Spaleivc, 2014). Corporations experience great difficulty keeping up with the chaotic rate of evolving software because hackers already have their next set of attacks ready before the system updates designed to repair the damage from prior attacks are released (Rungta, Raman, Kohlenber, Li, Dave, Kime, 2004). Evidence suggests that even companies that have tried to identify and thwart attacks have “fallen victim to significant security breach incidents” (Pfleeger and Rue, 2008). Countermeasures that are effective today can be ineffective tomorrow, which creates a need for a swift and efficient method to shed light on the effectiveness of countermeasure decisions (Garvey, Moynihan, Servi, 2012). The information needed to improve cyber security has not been completely realized.
Prioritizing Other Issues Over Cybersecurity
In one survey, 71% of senior IT executives expressed that cyber terrorism is “on the rise” and that this trend “posed a very serious threat to America's infrastructure” (Harries and Yellowlees, 2013). However, these numbers do not correlate with large investments. After the 9/11 terrorist attacks, many large-scale investments took place in beefing up healthcare security (Harries and Yellowlees, 2013).
But despite this expansion in IT budgets, “only a fraction of it is allocated to securing systems within the healthcare industry, so it is to be expected that information systems are vulnerable to attack” (Artlisch and Edelman, 2014). According to industry experts, healthcare organizations on average spend 3% of their IT …
However, managers need to gain insight into cybersecurity evaluation and use various models to triangulate and decide on the best investment strategy (Pfleeger and Rue, 2008). Using cost-benefit analysis can decrease some uncertainty in cyber security investments and lead to better returns on investment.
For example, the Table Top Approach can dramatically assist companies in their valuation of cyber security investments. This approach uses a matrix layout to compare cyber-event effects in monetized and non-monetized expenditures in order to develop measures of return that compare competing countermeasure investments that protect against various cyber event types (Trojans, malware, SQL injections, etc.) vs. actions taken against them such as prevention, detection, or quarantining (Garvey, Moynihan, Servi, 2012). After completing the table, the approach employs “advanced search algorithms to derive ideal sets of costs benefit investments” that measure cost-benefit return, “net cost savings per dollar invested”, and “net percent reduction