Sizing Up the Role of Deception Technology in HealthcareCISO Mitch Parker on the Challenges of Proper Implementation
The new generation of deception technology can play an important role in helping healthcare organizations detect malware, including ransomware, but it requires careful implementation to get the most value, says Mitch Parker, CISO at Indiana University Health System.
"You have to really take a step back, understand where your risks really are and build a plan to address those risks and have this as part of your plan," Parker, who has deployed deception technology at two other organizations, says in interview with Information Security Media Group.
"One other lesson we learned when I did this before is that ... deception technology is really good but it's also very deceptive in the amount of work and effort it takes to deploy it correctly and to make sure you get that good value out of it."
Parker stresses: "You have to make sure that you have your endpoint detection and response and you have your network detection and response and you have a very robust infrastructure before you should consider putting up a technology like deception technology."
In the interview (see audio link below photo), Parker also:
- Discusses why deployment of deception technology at Indiana University Health System is a matter of "when" and not "if";
- Describes how deception technology has evolved;
- Outlines his education sessions at the upcoming HIMSS18 Conference on building a cybersecurity team and securing RFID in a healthcare environment.
Parker is CISO at University of Indiana Health, based in Indianapolis. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, he was an information security consultant to the Defense Logistics Agency and other organizations.