As if the cybersecurity breaches of the past year weren't enough to encourage companies to be more invested in their security practices, the recent attack on Anthem should be the kick every company needs. 2014 proved itself to be the year of cyber attacks on the retail industry. In only its first three months, 2015 is shaping up to be the year cybercriminals turn their attention on the health care industry. As we saw with Anthem, criminals start with systems breaches, taking users' personal information, and follow up with phishing attacks via email. This one-two punch is a common occurrence in cyber attacks, with criminals going to where there is known vulnerability. Criminals follow the headlines, too.
Companies have been moving to digital markets at rapid speeds, and storing virtual warehouses full of personally-identifiable information – irresistible targets for cyber criminals to attack. Once breached, criminals can mine this information for their own personalized campaigns to hijack consumer's computers and phones, stealing their digital identities, and disrupting their lives. In the health care industry, this is most evident in the World Privacy Forum finding that the dark market cost for stolen medical information is $50, compared to $1 for a stolen Social Security number.
This begs the question: whose responsibility is it to lead the fight against cybercrime and protect valuable health care data? The answer: it's not just one person.
Historically, CIOs and CMOs have had very clear-cut job descriptions, and rarely worked together. The CIO is tasked with managing company data, and the CMO is responsible for brand and company reputation. However, roles are beginning to merge with the CMO's digital strategy for the brand tied to customer experience. This experience is dependent upon CIO execution.
In 2010, CIOs started working with CMOs to meet the needs of the growing digital marketing strategy and digital workforce. Companies spent massive amounts of money to create core systems to drive personalized digital experiences, however nothing was spent to secure that data. Today, customers are starting to fight back – as we've seen with customers already filing lawsuits against Anthem. Not only does a company lose data in a breach, it also loses customer trust and brand reputation. Thus, CIOs and CMOs must continue to work closely together to avoid company, brand and customer harm. Additionally, companies should start bringing the CISO into the mix to ensure security standards are met.
With the lack of email security leading to numerous breaches, the failure to invest in the appropriate email security measures is not an option anymore. Thankfully, there are initiatives being put in place to help organizations better protect their users and brand. NH-ISAC is one such organization working to help the health care industry move from reactive to proactive measures when it comes to security practices.
All it takes is a cyber criminal sending one malicious email to lose a customer, and one follow-up campaign to lose a brand, revenue and customers. CIOs and CMOs must start working together to understand how security breaches affect their company in various ways and, from there, put an end to the one-two punch of cyber attacks. By building on each executive's expertise, the company's security practices are sounder, and the company and consumer data is proactively secured.