Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

No single organization is prepared to stop an attack from a nation-state Not so long ago, I woke up every morning focused on one thing: finding and exploiting vulnerabilities. During my 10 years working for the U.S. National Security Agency (NSA), my single objective was to identify and exploit networks to collect foreign intelligence. I was fortunate to work alongside the world’s best professional vulnerability and exploit developers. My time serving my government was formative and humbling.

Modern healthcare is amazing. Hundreds of people, devices, and gigabytes of data are all harmonized to save lives and keep people healthy. Unfortunately, the very pieces that help keep us well provide a perfect hunting ground for threat actors. Threat actors are attracted to the data rich environments in healthcare organizations.

Picture this: unfortunately you had to let one of your engineers go. No matter how many times you tried to tell them, after countless interventions and meetings with the engineering lead, they simply wouldn’t stop using tabs instead of spaces. An absolutely unforgivable offense. A few weeks later, suddenly your production Snowflake database is wiped out. You log on to assess the damages and you check the SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY for every user in the system.

The concept of storing sensitive data in the cloud was once seen as ludicrous. Now, businesses are moving into cloud security at an exponential rate with the promise of larger storage space, lower costs, and improved performance. However, with such great benefits come severe risks.

The only constant you can count on in technology is change. From microprocessors to PCs to smartphones to software, technology continues to become faster, smarter, and more sophisticated. But make no mistake: what’s changed the most in the world of technology over the past few decades is the hacker. Hackers are highly motivated to stay ahead of the latest security trends. It’s how they keep from getting caught, and how they keep the fun and profit rolling.

If the past several years of technology advancements, pandemic adjustments, and increased cyber threats has taught us anything, it’s that data security and governance are the responsibility of the entire corporate team. Of course, the primary responsibility rests with the executives and the CISO or security team they’ve empowered, but the scope and scale of protecting critical data assets is too large for any single business unit to tackle.

We’d like to think of our coworkers as trusted team members, collaborating on a shared mission to make positive contributions to the well being of the company. For the most part, this is true, but we must also recognize that our coworkers are individuals who may conduct themselves in ways that are detrimental to the company.