John Doan, CISSP, ISSAP

Out of Office, Not Out of Reach: Why Summer Is Prime Time for Phishing As the summer months wind down, healthcare professionals face a subtle, yet significant threat: a rise in phishing attacks where a unique window of opportunity for cyber criminals opens to exploit seasonal vulnerabilities. Phishing is not only about deceptive emails or fake websites but about capitalizing on human nature via social engineering tactics. When we are preoccupied with a variety of activities during this time of year, the vigilance that typically guards our workflows and communications may not be at the forefront of our priorities. Cyber attackers know this all too well, and typically their attacks are timed accordingly. The solution? Proactive awareness and vigilance. We must cultivate a culture where questioning unexpected communications is second nature; which means promoting the practice of verifying any requests for sensitive information or action year around, especially those that seem urgent or unusual. Encourage your teams to be vigilant and report suspicious emails immediately. A simple pause to scrutinize that one unusual email could be the barrier that prevents compromised credentials or a cyber breach. As healthcare leaders, safeguarding our patients’ data is crucial, as the care that we provide must continue to uphold our commitment to both cyber and operational excellence, even during vacation heavy months. Together, let us turn awareness into action and ensure that our dedication to cyber security is as unwavering as our commitment to patient care. #PhishingAwareness #CyberSecurity #HealthcareSecurity #Sentara

83

11 Comments

"Large Language Model Security, Building Secure AI Applications" by Steve Wilson Thanks for the book recommendation Christofer Hoff -- I agree it's a great read, and finished it this weekend. For any practitioners or those in governance roles for information security or artificial intelligence, this book is a great read and then a desk reference guide. In 150 or so pages, the author will walk you through the AI OWASP Top 10 and include practical real world examples of "risk gone wrong". And then of course mitigation strategies. This is now in my professional development library. #ai #artificialintelligence #cyber

23

In an era where tools like ChatGPT are transforming the way we work and learn, some books remain timeless gems, truly the ultimate desk reference. My latest recommendation is “CISO Compass" by Todd Fitzgerald, with a foreword by Dr. Larry Ponemon. It offers invaluable insights into navigating cybersecurity leadership challenges, drawing from pioneers in the field. Thanks Todd Fitzgerald , for your great work, this book is a must-read for anyone looking to strengthen their strategic approach in cybersecurity!

62

5 Comments

We all know that threat actors are using AI to accelerate and enhance their attacks, but it's still very interesting to read more about how and what they are doing. Anthropic put together a great report of what they're doing to help prevent the activity, but also provides some info on what they are doing (but not enough to start your APT group). https://lnkd.in/eV_HPpmq

37

NIST CSF 2.0 marks a significant change in the perception and governance of cybersecurity, shifting it from a technical issue to a strategic business risk that demands attention from Boards and the C-Suite. Recent data from a Harris poll highlights the critical nature of cybersecurity, ranking it as the top geopolitical risk, surpassing concerns like climate change and trade wars. This transformation poses essential questions: Will this shift result in a deeper comprehension and increased backing for cybersecurity within companies? Or might it inadvertently create a disconnect between high-level strategy and practical implementation? I view this transition as an opening to involve and educate executives on their evolving roles in managing cybersecurity risks. Simultaneously, it necessitates contemplation on how we, as professionals, can guarantee harmony between strategic objectives and operational necessities. As we embrace this evolution, how can we collaboratively navigate this change to fortify both our organizations and the broader cybersecurity landscape? #Cybersecurity #NISTCSF #RiskManagement #ExecutiveEngagement

20

As promised, here is a next edition for Cybersecurity Awareness Month! 🏴‍☠️ Week 2 of Cybersecurity Awareness Month: The Open Chest Curse Ahoy, data defenders! We’ve charted our course into Week 2 of Cybersecurity Awareness Month, and this week’s theme be “The Open Chest Curse.” ⚓ Theme: Ye left the data chest unlocked — now the pirates be feasting! In the digital seas we sail, an “open chest” be any file, folder, or system left without proper access controls. Pirates don’t always need to break locks — too often the treasure’s already left wide open! At Concentric AI, we help organizations find and secure these open chests — their sensitive data — before digital buccaneers can plunder the loot. 💀 Common “open chests” we find: • Shared drives where anyone can access sensitive files • Data repositories without clear permissions • Old projects or reports left exposed long after they’re needed • Files with passwords stored in plain text ← this be a treasure map for sure! 🗝️ This week’s challenge: • Review shared folders, drives, and tools for sensitive data • Lock down access to only those who truly need it • Remove outdated or unnecessary permissions Leaving the chest unlocked means pirates can help themselves to the feast. So batten down the hatches, guard the keys, and keep your treasure safe! ⚔️ And aye — a new virtual background awaits for those joining our crew this week! #CybersecurityAwarenessMonth #DataSecurity #ConcentricAI #DataProtection #DeweaponwizeYourData

19

Cybersecurity in health care is not just an IT challenge—it directly impacts patient care, hospital operations, and even regional health systems. I find these discussions especially relevant right now, highlighting how ransomware attacks don’t just cripple one organization but create ripple effects across entire communities. Strengthening cyber resilience means thinking beyond individual networks and building a more connected, evidence-driven approach to security. The industry is making progress, but there is still work to do—especially in talent development and third-party risk management. Investing in smarter security strategies today means protecting both data and lives in the future. #Data #Cybersecurity #Healthcare

20

1 Comment

Departing employees represent one of the highest-risk categories for insider-driven data exfiltration. Vendor telemetry shows that ~45% of insider data theft attempts involve personal email or cloud uploads, with a 720% spike in activity in the 24 hours before layoffs. Proactive controls can help reduce financial exposure if implemented. #insiderthreat #insiderrisk #dlp #dataprotection #rif

26

3 Comments

Federal agencies have taken down the BlackSuit ransomware operation, linked to attacks on healthcare organizations, seizing servers, domains, and over $1 million in cryptocurrency. This highlights how coordinated enforcement can disrupt threat groups and reduce immediate risk to patient care operations. Health systems can strengthen their defenses by aligning internal detection and response with trusted outside partners. #CyberSecurity #Ransomware #HealthcareSecurity #ThreatResponse https://lnkd.in/eFyur2R8

13

1 Comment

AI security, guidance and standards are evolving slower than the technology and the adoption, defenders need to focus on security fundamentals like data classification and governance, least privleage and other controls to remain secure. This is promising but it needs to evolve quicker.

12

🔐 The ROI of Cybersecurity: More Than Just Risk Reduction Cybersecurity isn’t just a cost center—it’s a strategic investment. Every dollar spent on proactive security measures protects revenue, preserves brand trust, and enables business growth. When security is embedded into the DNA of an organization, it becomes a competitive advantage. ✅ Reduced downtime ✅ Faster incident response ✅ Stronger customer confidence ✅ Lower regulatory risk ✅ Better alignment with business goals As CISOs, we’re not just defending infrastructure—we’re enabling innovation. The ROI of cybersecurity is measured in resilience, reputation, and readiness. Let’s keep shifting the narrative from fear to value. #CybersecurityROI #CISO #InfosecLeadership #RiskManagement #DigitalTrust #SecurityStrategy #CyberResilience #TechLeadership #InnovationThroughSecurity

15

7 Comments