Why is cybersecurity crucial for telecommunications and healthcare?

Both telecommunications and healthcare are considered critical infrastructure sectors. Cyber attacks in these areas can lead to significant disruptions, affecting everything from personal data security to broader national security concerns.

What are the implications of recent regulatory changes in cybersecurity?

Recent regulatory changes seek to enforce stricter security protocols to better protect critical infrastructure. While these efforts are essential in mitigating risks, there is ongoing debate about their implementation and overall effectiveness.

How do new penalties impact cybersecurity strategies in critical sectors?

New penalties reinforce the importance of strong cybersecurity measures and encourage companies to prioritize protecting their systems. These measures are aimed at deterring neglect and ensuring that organizations remain vigilant against potential threats.

‹ Back to Industries

Software & Technology

New Penalties is a Push to Mitigate Cybersecurity Threats in Telecommunications and Healthcare

Cybersecurity is a significant concern for the telecommunications and healthcare sectors, which are critical infrastructure industries. Recent regulations aim to strengthen security protocols, addressing the potential consequences of cyber attacks that threaten privacy and national security. This push also raises questions about the effectiveness and enforcement of these new measures.

This story was produced through MarketScale. See how Software & Technology teams put it to work with Code to Content.

By Mike Isbitski · April 27, 2024, 12:46 AM UTCCybersecurityExperts TalksHealthcareMichael Isbitski

Key takeaways

New regulations aim to enhance cybersecurity in telecom and healthcare.

Cyber attacks pose threats to privacy and national security.

The effectiveness of new security protocols is yet to be determined.

Cybersecurity has emerged as a critical issue in telecommunications and healthcare—two industries intertwined as essential services. With both sectors recognized as critical infrastructure, the consequences of cyber attacks can be far-reaching, impacting everything from individual privacy to national security. While recent regulatory changes are aiming to tighten security protocols, it also raises questions about the adequacy and effectiveness of current security practices.

How do the challenges and strategies in cybersecurity compare between telecommunications and healthcare? What impact do new regulations have on these critical industries?

Discussing the subject for an “Experts Talk” roundtable on cybersecurity in healthcare, Michael Isbitski, Director of Cybersecurity Strategy at Sysdig, provided some valuable insight into these pressing issues. Having nearly two decades of experience in telecommunications, Isbitski connected the parallels and divergences in cybersecurity challenges facing the two sectors. He further gave a comprehensive understanding of recent regulations and offered a clear picture of how the cybersecurity landscape is evolving.

Several takeaways from Isbitski’s discussion include:

The ways cyber attackers quickly evolve, posing continuous threats to critical infrastructure sectors such as telecommunications and healthcare.
Why the interconnected nature of modern industries means that compromising one can lead to cascading failures across others, highlighting the need for robust security in telecommunications as a backbone.
Recent cybersecurity regulations across various countries and sectors are aligning more closely with long-standing security practices, emphasizing better access control and intrusion monitoring.
The critical nature of cybersecurity and how it often competes with financial constraints within organizations, leading to potential vulnerabilities unless regulatory penalties enforce stricter compliance.
How so many organizations struggle with insufficient staffing and budget for cybersecurity, which can hinder their ability to effectively manage and mitigate risks.

Isbitski’s perspective shed some light on the importance of adopting and adapting to these new regulations to enhance the security and resilience of both telecommunications and healthcare industries.

Article written by Alexandra Simon.

Video TranscriptExpand ↓

Yeah. And our attackers pivot very quickly too. You know, I'd say from my perspective and I worked for telco for close to twenty years, which is now critical infrastructure provider. Right? And then they become the interconnect to all other verticals like health care or utilities. Right? So if you can attack the communications, then you can now bring down anything. So then you start rabbit holing into that whole topic of resiliency. But, you know, my career at that telco, very difficult. Right? A lot of the things that Davey's hitting on. Right? You're you're always fighting for that budget. You're fighting for the headcount. You you know the things that you have to do for your security program, but, you just don't have the teeth. So one of the things that I like that has been a more recent trend is kind of the wave of cybersecurity regulations that are hitting, things like EU's, NIST two directive, the US national cybersecurity strategy, SEC cybersecurity disclosure rules. And there you know, there's a lot of regs. Right? And I could probably spend the next ten minutes just listing all of them. Right? Every nation state's gonna have their own and then verticals are gonna have their own, implementations of them. But they're saying a lot of the things that security practitioners have been saying for decades at this point. Right? Like, we have to be better at access control. We have to, monitor for intrusions. Like, what does our threat detection and response capability look like? Can we detect things timely, and then is that disclosed? How do we coordinate vulnerability response? So the regulations are finally starting to catch up with that. But then in tandem with that is also penalties. Right? And that that's the reality. Right? We are talking about businesses, and we're kind of in weird macroeconomic times. Although, hopefully, coming out of that, Right? But globally, things were very suppressed. So most organizations were scaling back all all of their spend. Right, whether it was IT or security. And and, usually, security is first to go. Right? Like, well, let's be honest. They're not revenue generating. The risk is just accepted by organizations. So now regulation kind of has more of that teeth. So if you're making sacrifices on your risk management approach, whichever aspect that might be, maybe it's access control, maybe it's threat detection, there's multiple pieces. Right? Patching, how are you managing supplier risk? All these are components of that. If you're making sacrifices there, it has to be disclosed, to the regulatory body or maybe the public. And then if you have a failure, like in the case of an incident or breach, there might be financial repercussions to that. Right? Your leadership might be at fault. Potentially, you can't practice. Right? Maybe there's criminal criminal penalties on the table. So that looks much different than it did twenty years ago. So as a practitioner and a a leader, right, I was managing or leading the application security efforts a component of it at, Verizon, and that was a large team. Right? Many organizations don't even have adequate staff. Right? Their security are are juggling all of the security roles. But I never had enough, people, and I never had enough money. And I was constantly fighting those battles, and it's exhausting. So, yeah, as a practitioner and leader and advisor, it's like, this is great. Right? This is music in my ears. We need to ride that wave because that's gonna improve all industries, certainly certainly health care. But, yeah, the tech hasn't really changed. We're talking about a lot of the same problems that just kind of got swept under the rug, unfortunately.

About the author

Mike Isbitski

Turn this into your own content

Create a free MarketScale workspace and publish your own experts. No credit card, no demo required.

Book a demo Start free

MarketScale platform

Want to launch your own podcast or show?

MarketScale gives B2B companies a full content studio: record, produce, and distribute your own channel. No agency, no crew, no guessing.

See how it works →

Keep exploring