Let’s face it: it is a matter of when your company is going to get hit by digital attackers and how hard, not if. This causes a lot of pain and overall damage, both of which are not good for business. Cyber attacks are at the forefront of news headlines and are plaguing C-Level executives' thoughts; unfortunately, these attacks are going to get more and more complex and impactful. When the smoke clears from a successful digital attack or data breach, who is to blame? The company? The vendor? A third-party vendor? Who is going to assume the liability and take the heat for this one? One would recommend looking at the basic fundamentals. Just look at Equifax and how addressing a basic patch management process could have addressed the root cause. The same happened to the Women’s Health Care Group of Pennsylvania. Both of the provided examples clearly demonstrate that a lack of security controls compounds the severity of a breach when there's no one to seemingly blame or to take responsibility for their actions. Cyber attacks, if not adequately protected against, will come out of the shadow and grab a hold of the company's backbone. And as businesses in healthcare grow more and more dependent upon technology, the concern and costs surrounding cyber attacks will get bigger and bigger. If a firewall company might make a faulty system that inadvertently damages other organizations, does it mean that the provider company or the company that bought it to ensure its functionally is at fault? Or, are we just out of luck, and we have to let the chips fall where they may? The fact of the matter is that it's not a black and white answer; it is a multilayered answer with complex codependency of safety, privacy, and overall rights. It is not the companies' fault or the experts' fault but more so the law's fault. There are laws in place that are outdated and serve no purpose anymore that's clear in this digital age. The change needs to start at the top, not only from a company point of view but also from the law. There are some bills in place that are outdated and need to catch up with the times. Updating these bills, much like updating servers and other critical devices, are needed to ensure people's safety.
About the Author: Ricoh Danielson is a U.S. Army Combat Veteran of Iraq and Afghanistan. As a digital forensic expert in cell phone forensics for high profile criminal and civil cases, Ricoh has a heavy passion for information security and digital forensics that led him to start up his firm (Fortitude Tech LLC) in the middle of law school to become Phoenix’s heavy hitting digital forensic powerhouse. He is also a graduate of Thomas Jefferson School of Law, Colorado Tech University, and UCLA Anderson School of Management. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
