A recent survey showed a significant number of health care IT pros reported their systems are not encrypting patient data, as recommended, and they feel hampered by a lack of manpower and money.
Not surprisingly, ransomware attacks were named by 69% of the 150 respondents as the top concern.
There is some good news, however, on the front to thwart cyberattacks from nations competing with the U.S. Analysts and companies, such as Duke Energy and Verizon, were encouraged recently when U.S. intelligence officials said they would soon share supply chain threat reports to critical U.S. industries in telcommunications, energy and financial businesses.
Those threat reports will go beyond some of the conventional software means of tracking existing hacks into other companies and locations and hopefully will reveal information about human actors and their potential targets, Litan said.
Even so, keeping up with cybersecurity will be an evolving, constantly changing process for the private sector.
“For companies, it’s a matter of paying attention,” Litan said. “Companies don’t spend enough time and money on the problem. They don’t think they need to. It’s a matter of priorities.”
"Attacks will surely get worse, even as cybersecurity software improves," Litan said. “There’s a hotbed of innovation, even though people don’t focus enough on security. Basic technology must be put in place. We all really live in a bad neighborhood and we all need locks on the doors.”
Sign up for CIO Asia eNewsletters.