By Dawn Bailey
Vikrant Arora, an industry-recognized thought leader committed to transforming cybersecurity practice, education, and leadership, will be a plenary speaker on Monday, April 8, at the 35th Quest for Excellence Conference®. Arora serves as executive chief information security officer for First Health Advisory, a digital health risk assurance organization that aims to help organizations protect their vital interests and accelerate efficiency from the board room to the operating room. Vikrant’s goals are to champion cybersecurity firsts for global industry leaders, build high-performing teams, drive unprecedented risk awareness, and expertly respond to security incidents and threats to business continuity.
I recently asked Arora a few questions in anticipation of his upcoming presentation. Following are his responses.
Briefly highlight what you’ll cover in terms of organizational resilience.
Ensuring resilience in the age of artificial intelligence (AI) brings increasing threats and opportunities. With AI comes unique threats that are different from previous technologies; for example, AI is self-learning and constantly evolving. Reliance on technology vendors brings extremely high third-party risk—even if your organization is not directly using AI, chances are that one of your technology partners is introducing AI into its business processes and into your ecosystem.
What do you see as the greatest cybersecurity challenges to today’s organizations?
In general, the biggest challenges can be divided into three buckets:
- Systems for governance and talent are not able to keep pace with digital innovation, such as AI.
- The emerging threat landscape, including sophisticated cyber threats, is leading to outages.
- The evolving regulatory landscape is leading to unique compliance requirements across industries and especially in health care.
In addition, the presence of legacy operating systems and technology, and a very complex system of third- and fourth-party business associates continue to make it difficult for health care and other organizations to manage cyber risks.
In light of the Baldrige Award’s added focus on organizational resilience, would you share an example that you have seen that had a significant impact in supporting organizations’ success?
I recommend using the NIST Cybersecurity Framework (CSF) as a north star for implementing cybersecurity in any organization. The framework includes the best practices that an organization must have in place to reduce the impact of cyberattacks, and is split into best practices for before, during, and after an attack. The CSF requires an incident response playbook, with routine table-top exercises to form muscle memory and a strong focus on business continuity and disaster recovery.
Technology can be down for a malicious reason or an inadvertent failure, but we need to deliver core services in a trustworthy manner to ensure an organization’s resilience.
How would you recommend that senior leaders be prepared to address challenges and be more risk aware?
Given the evolving landscape,
- Approach cybersecurity as a business requirement. In health care, cybersecurity should be patient safety.
- Focus on talent and education, not just on technology and vendors.
- Ensure effective and practical governance so that all technologies are introduced with a business mindset of solving problems and include a process-centric approach rooted in measurement, accountability, and education. Effective governance is not a new concept, but the uniqueness of AI highlights existing cracks and can make an organization more vulnerable.
This article first appeared on the NIST website and is published here with permission.
About the Author
Dawn Bailey is a writer/editor for the Baldrige Program and involved in all aspects of communications, from leading the Baldrige Executive Fellows program to managing the direction of case studies.