Many critical infrastructure providers in healthcare have not yet fully implemented cybersecurity best practices, according to Trellix’s new Cyber Readiness Report.
According to the report, 74% of U.S. healthcare providers admitted to have not fully implemented software supply chain risk management policies and processes as part of their cybersecurity practices.
The study revealed the cybersecurity talent gap is slowing the implementation of defensive technologies despite the current threat landscape, availability of private sector innovations, and greater willingness to invest. The lack of in-house cyber skills were blamed by over half of U.S. non-federal agencies running systems supporting local infrastructure and emergency services (51%) and respondents from the oil and gas sector (55%) for why their cyber defenses were not fully deployed.
“The hostilities in Ukraine have sharpened focus on the cyber readiness of critical infrastructure,” says Bryan Palma, CEO of Trellix. “The risks are known and well-discussed, but often these organizations do not have the cybersecurity talent to implement the necessary defenses. We need to scale security skills to prevent understaffed critical infrastructure from falling victim to cyber-attacks.”
The healthcare sector particularly noted underinvestment as a contributing factor, and two-fifths (38%) favored federal funding to deliver cybersecurity improvements. Critical infrastructure providers also called for the U.S. government to share more threat intelligence, with nearly all (95%) of respondents in the oil and gas industry saying there was room for improvement in the cyber threat data shared by their federal partners.
That said, the report shows the recent U.S. Executive Order on Improving the Nation’s Cybersecurity (EO 14028) could play an important role in strengthening the nation’s cyber defenses. Three-quarters (75%) of respondents anticipate using the EO as justification to obtain funding to meet their objectives. Over three-quarters (79%) of respondents believe that by setting higher cybersecurity standards for federal agency implementations, the government could raise standards for the IT industry and, through it, non-federal government and private sector implementations.
“By raising security requirements in areas such as software development for government implementations, the federal government is in a unique position to influence and raise related standards for the entire software industry,” says Thomas Gann, chief public policy officer at Trellix. “The Biden Administration has demonstrated constructive, responsible cybersecurity leadership over the last year, and we foresee the existing public-private partnerships as a sound foundation for building policy initiatives in this and other areas.”
The study also gauged the state of technology adoption and public-private collaboration among government and critical infrastructure providers in Australia, France, Germany, India, Japan, and the United Kingdom.
