Cybersecurity at Healthcare companies

Cybersecurity at Healthcare companies

Digital technologies make it easier and more efficient to deliver patient care and provide better outcomes. However, the rise of digital technologies and the growing interconnectedness between different healthcare systems come with increasing healthcare cybersecurity threats.

Weak cybersecurity measures expose companies to serious risk. Victim companies suffer operationally, as systems are rendered unusable; reputationally, as customers lose trust; and legally, as ever-stricter regulators seek to punish.

The healthcare industry is particularly vulnerable because it uses extremely sensitive data. Pharma companies have proprietary scientific data and intellectual property, medical devices companies develop connected devices, and healthcare companies collect and utilise patient data.

Additionally, operational functions are often literally matters of life and death. Breaches in healthcare and pharma cost more than those in almost any other industry.


After Covid-19, cyber risk is higher than ever

Cyberattacks grabbed headlines throughout 2021 as hacking and IT incidents affected government agencies, major companies, and even supply chains for essential goods, like gasoline.  For healthcare, this year was even more turbulent as cybercriminals took advantage of hospitals and healthcare systems responding to the Covid-19 pandemic.  More than one health care provider was forced to cancel surgeries, radiology exams, and other services, because their systems, software, and/or networks had been disabled

The COVID-19 crisis will continue to test the resiliency of the global healthcare industry.


What can healthcare organizations do to address the challenges?

Strategies include the following:

  • Implementing cybersecurity technology
  • Building a talent pool of professionals skilled in healthcare cybersecurity
  • Developing a healthcare cybersecurity strategy focused on patient privacy protection
  • Addressing vulnerabilities in legacy systems in healthcare
  • Keeping tabs of new developments to understand information technology (IT) challenges


By introducing cybersecurity as a value proposition and formulating clear action plans, healthcare organizations can meet cybercriminals fully armed — and give them a worthy response. See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Let’s talk!


(1) Security Magazine
(3) Infosecuritymagazine
(4) Forbes

Picture: <a href=’’>Foto de doctor feliz creado por pressfoto –</a>

Cybersecurity into the company’s DNA

Cybersecurity into the company’s DNA

Today’s organizations, both private and public, face a daunting variety of threats to cybersecurity. A cyberattack can threaten the very existence of an organization (not to mention the jobs of some of its C-suite officers), but the response doesn’t rest solely on a building a better technical solution: we need to create a cyber-secure culture.

Given the overwhelming reality of resources and time that are already being dedicated to a company’s security strategy, how can organizations begin to build security into a company’s DNA in a realistic way?

Research by the Centre for the Protection of National Infrastructure (CPNI) suggests that multiple interrelated factors need to be considered when attempting to change an organisation’s security culture.


But, what is “security culture”?

It is the ideas, customs and social behaviors of an organization that influence its security. It is the most important element in an organization’s security strategy. And for good reason: The security culture of an organization is foundational to its ability to protect information, data and employee and customer privacy.

Not all people learn in the same way. Every organisation and every audience is different when it comes to learning. We believe that a human-centred approach to security, using high impact interventions, can accelerate positive security culture change.

During the pandemic, some industries and organizations have seen their security cultures stagnate or decline. As many organizations transitioned to a work-from-home model, new security issues and concerns emerged, with communication and education becoming somewhat more challenging.


How to Support A Strong Security Culture

There are some very practical and actionable steps organizations can take to develop and nurture a strong security culture across seven distinct dimensions:

• Attitudes: Employee feelings and beliefs about security protocols and issues.

• Behaviors: Employee actions that impact security directly or indirectly.

• Cognition: Employee understanding, knowledge and awareness of security issues and activities.

• Communication: How well communication channels promote a sense of belonging and offer support related to security issues and incident reporting.

• Compliance: Employee knowledge and support of security policies.

• Norms: Employee knowledge and adherence to unwritten rules of conduct related to security.

• Responsibilities: How employees perceive their role as a critical factor in helping or harming security.


We can help you build a solid security culture in your organization, let’s talk?


(1) Forbes
(2) Security Magazine


Picture: <a href=’’>Foto de antivirus creado por –</a>

The Strategic of Cybersecurity Skills

The Strategic of Cybersecurity Skills

Evidence suggests there is a global cybersecurity skills shortage affecting businesses and governments alike, which means that organizations are struggling to fill their cybersecurity vacancies.

With the volume and severity of breaches increasing steadily in recent years, it’s unsurprising that businesses are now recognising the risk and responding accordingly. In fact, global security spending is predicted to reach $1.75 trillion by 2025. To many, this might seem like a positive step – but we need to consider where that money is going. Simply throwing money at the problem is a tactic frequently adopted by organisations, yet it’s proven to be ineffective and can end up making the problem worse. By deploying hundreds of disparate security products to tackle individual weaknesses, the business can become overwhelmed, and teams will miss the bigger picture.


The importance of workforce

Security awareness training usually takes a fixed approach where one cyber threat is tackled at a time. And rather than educating workers on how to best defend the company from threats, this training encourages them to simply recall facts from multiple choice questions that will be quickly forgotten after the course finishes. It bears no relevance to the role these workers will play in the midst of a crisis and treats them like vulnerabilities – not defensive assets.

Each member of the workforce has value to add. So instead of these outdated and ineffective methods, organisations need to focus on three simple factors to develop the cyber capabilities of their entire workforce: exercising, evidencing, and equipping. In other words: continually benchmark the knowledge, skills, and judgement of the workforce; demonstrate risk levels across all business functions by using data gathered from simulations; and use regular cyber exercises to plug any skill gaps. These criteria are critical.

New strategies needed to close the cyber security skills gap

Cyber criminals have exploited the security vacuum created by the shift from secure, centralised office IT systems to the vast constellation of personal devices as people worked from home. Cyber attacks rose 93% in the first half of 2021, compared to the same period last year – an astonishing figure given that 2020 was already breaking cyber crime records.
Cyber security challenges will only become more complex, which means we need to be proactive. It takes time to educate and train highly skilled professionals, and time to gain practical working experience.
If we are going to realistically meet these mounting challenges, we must find ways to bridge the cyber skills gap – by casting our nets wide and leaving no stone unturned, we can build a workforce that is capable of meeting the cyber security challenges of tomorrow.

See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Share your requirements and a representative will follow up to discuss how Soffid can help secure your organization.

(2) cybereason.comPicture:
<a href=’’>Foto de concepto creado por Waewkidja –</a>


Are passwords becoming a weak spot at companies?

Are passwords becoming a weak spot at companies?

Passwords are designed to give you access to an online world while protecting your information. However, with threats looming large, this first point of cybersecurity is becoming a weak spot that can involve dire consequences if unaddressed.

Relying on passwords for security has become increasingly problematic. Devising and remembering a complex password for every account and website is virtually impossible on your own. Yet using weak and simple passwords is a recipe for data breaches, account takeovers, and other forms of cyberattack.

Reports tell us about the situation…

For its report The misfortunate passwords of Fortune 500 companies, NordPass researchers analyzed data from public third-party breaches that affected Fortune 500 companies. The data included details from more than 15 million breaches across 17 different industries.

The researchers looked at the top 10 passwords used in each industry, the percentile of unique passwords, and the number of data breaches that hit each sector.

The word “password” is still being used and misused as the most common password across all industries, including retail and e-commerce, energy, technology, finances, and even IT and technology. Among other passwords in the top ten list, some common choices were “123456,” “Hello123,” and “sunshine.”

According to a Verizon report, more than 80 per cent of data breaches occur from weak or compromised passwords, creating the likelihood of an ongoing vulnerability regardless of how much technology is deployed to defeat hackers.

Certified cybersecurity. Multifactor authentication

Education and awareness are becoming more crucial in cyber security, especially in SMEs.

Two-factor authentication is great but you need to educate people about it because most employees complain about it.

The term “two-factor authentication” refers to a second step to confirm who you are. An additional layer of protection will, by default, provide more security than a single barrier.

The easiest way to “lock the door” on technology is employing multi-factor authentication. This security measure requires users to present at least two pieces of evidence before gaining access to a server, device, database or software program. A cybercriminal who has obtained a user’s login and password, for example, would still need to have access to that person’s unlocked cell phone or email to obtain a time-sensitive verification code.


See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Share your requirements and a representative will follow up to discuss how Soffid can help secure your organization.

How cyber security can protect your digital identity

How cyber security can protect your digital identity

With so much of our personal information available online, criminals no longer need to go through our trash cans for important documents.

Destructive, financially-motivated attacks where cybercriminals demand payment to decrypt data and restore access have been studied and documented for many years.

Yet despite attempts to stop this threat, ransomware continues to impact organizations across all industries, significantly disrupting business processes and critical national infrastructure services and leaving many organizations looking to better protect themselves. Organizations that continue to rely on legacy systems are especially vulnerable to ransomware threats, as these systems may not be regularly patched and maintained.

Key ransomware prevention and mitigation considerations for business and IT leaders

As you plan for a comprehensive defense posture against ransomware threats, here are some key questions to consider:

  • How are you defending your organization’s data, systems and employees against malware?
  • Are your organization’s systems up to date and patched continuously?
  • Are you watching for data exfiltration or other irregularities?
  • What is your comprehensive zero trust approach, especially strongly authenticating my employees when they access information?
  • Are you taking the right back ups to high assurance immutable locations and testing that they are working properly? This should include testing that does a periodic restore of key assets and data.
  • What drills are you conducting to battle-test your organization’s risk management and response to cyber events or incidents?


How cyber security can protect your digital identity

Every time you do something actionable online, like access your social media or sign up for an email subscription, your digital identity grows. This information says a lot about you, so protecting it is crucial.

In the digital age, it’s nearly impossible to avoid having your personal information online. This makes it critical to protect your digital identity. By watching out for phishing scams, protecting your information and securing your accounts, you can stay cyber safe and help defend yourself against digital identity theft.

The use of a secure and robust digital identification system that is capable of protecting privacy is an essential, reliable and user-friendly element for a strong cyber resilience strategy and is a source of new business opportunities and applications for banks, private sector with a return on their investment.


Traditional approaches to IAM, which reflect an era when devices were centrally managed and business applications resided behind the enterprise firewall, are becoming increasingly anachronistic. In a post-COVID, post-perimeter world, identity has become the first line of defense. The inevitable result of this trend will be the convergence of identity and risk.

Conventional IAM architectures have relied primarily on the ability to authenticate user credentials to a directory store and grant fine-grained access to business applications on the basis of statically assigned privileges, regardless of any inherent risk posed by a user. This model no longer reflects an IT landscape in which a mobile workforce can use unmanaged smart devices from anywhere in the world to access sensitive data in cloud-hosted business applications.

The new proposal for IAM solutions, as Soffid are, need the ability to evaluate inherent and contextual risk when granting access to sensitive data and applications. 

Picture: <a href=’’>Foto de malware creado por DCStudio –</a>


(1) Security magazine
(2) Forbes
(4) securityboulevard