
Building dynamic cyber security learning capabilities

A look at how the cyber security learning inertia in South African healthcare organisations can be overcome.
By Rennie Naidoo, Professor in Information Systems (IS) at the Wits School of Business Sciences.
Johannesburg, 09 Sep 2024

In today's rapidly evolving digital landscape, the healthcare sector is increasingly becoming a prime target for sophisticated cyber attacks.

South Africa is no exception, with cyber threats escalating at an alarming rate, particularly in healthcare, where the stakes could not be higher.

The recent surge in cyber security breaches has highlighted the urgent need for healthcare organisations to bolster their defences. However, a significant challenge lies in overcoming the inertial forces that impede the development of cyber security capabilities.

Life-or-death stakes

Healthcare organisations worldwide are under siege. Cyber criminals have become more sophisticated, employing advanced tactics, such as ransomware and phishing attacks, which can cripple essential services and compromise sensitive patient data.

In South Africa, the healthcare sector has experienced several high-profile breaches, confirming the vulnerabilities that exist within these organisations.

For instance, in recent times, a ransomware attack on one of SA's largest private hospital groups disrupted IT services and posed severe risks to patient care. Another significant incident occurred when a major healthcare organisation faced a data breach, affecting sensitive patient records.


These incidents, among others, serve as a stark reminder that healthcare organisations must not only react to cyber threats, but also proactively prepare for them. The stakes are particularly high when considering that attacks on healthcare can have life-or-death consequences, especially with the growing adoption of telehealth and internet of things technologies.

Understanding inertia

Despite the clear and present dangers, our research suggests many healthcare organisations struggle to develop effective cyber security learning mechanisms as a result of organisational inertia.

This happens when a company clings to old habits and routines, making it hard to adapt to new challenges. In the fast-changing world of cyber security, this inertia can prevent healthcare organisations from effectively defending against threats.

We coined the term “cyber security inertia” to describe this resistance to change in cyber security practices. To tackle this, we propose a new approach, called “dynamic cyber security learning capabilities” (DCLC), to help healthcare organisations stay agile and responsive in the face of growing cyber risks.

There are two main types of cyber security inertia. Strategic cyber security inertia often stems from leadership's reluctance to fully embrace the importance of cyber security. This can be due to a variety of reasons, including a focus on short-term financial goals over long-term security investments, or a lack of awareness of the evolving nature of cyber threats.

On the other hand, operational cyber security inertia is more about the day-to-day processes that fail to incorporate cyber security learning into their core. This could be due to outdated IT systems, lack of continuous training for staff, or insufficient resources allocated to cyber security initiatives.

The Protection of Personal Information Act has added regulatory pressure on organisations to enhance their cyber security practices. Yet, compliance alone is not enough.

Proactive leadership

The healthcare sector must move beyond simply adhering to compliance standards and instead foster a culture of continuous learning and adaptation in cyber security.

Healthcare organisations need to develop DCLC to break free from the inertia hampering the adoption of cyber security practices. One of the most critical steps in overcoming inertia is establishing proactive leadership structures.

Executive management must set the tone for cyber security, making it a priority at the highest levels of the organisation. For example, an IT security steering committee can be instrumental in ensuring cyber security is integrated into every facet of the business. This committee should consist of leaders from various departments who can collaborate to develop and implement a dynamic cyber security strategy.

Dynamic approaches

Traditional cyber security frameworks, such as the NIST Cyber Security Framework and ISO 27000 series, can provide a solid foundation but are often static and not designed to adapt to rapidly changing threats.

On the other hand, a dynamic cyber security governance framework allows organisations to continuously assess and adjust their cyber security posture in response to new information and emerging threats. This approach emphasises the importance of continuous sensing, resource mobilisation and capability renewal.

Effective risk management is key to building DCLC. This includes regularly conducting vulnerability assessments, penetration tests and security audits. Additionally, novel approaches such as cyber insurance can provide a safety net, helping organisations recover from significant breaches.

By integrating these practices into a dynamic learning framework, healthcare software firms can better manage the risks associated with cyber security threats.

Self-organising response

Organisations need to be agile in the face of increasingly sophisticated cyber attacks. Self-organising teams, such as those employing the DevSecOps model, can enhance the organisation’s ability to respond to threats in real time.

These teams, composed of skilled individuals who can adapt quickly and work autonomously, are essential for embedding security into every stage of the systems development lifecycle. This proactive approach ensures security is not an afterthought, but a fundamental component of system design.

Human error remains one of the leading causes of cyber security breaches. As such, investing in user education and awareness is critical. Regular training sessions, phishing simulations and security drills can help instil a culture of cyber security awareness among employees.

Organisations should also consider implementing online platforms that provide continuous learning opportunities, ensuring staff stay informed about the latest threats and best practices.

Finally, disaster recovery and business continuity plans must be regularly tested and updated to remain effective. In the event of a cyber attack, these plans are crucial for minimising downtime and ensuring critical healthcare services remain operational. Testing these plans not only helps identify potential weaknesses but also ensures staff are prepared to respond effectively in a crisis.

Mapping the path forward

For South African healthcare organisations, the journey toward robust cyber security is not without its challenges. However, by addressing the inertial forces that hinder progress and embracing a dynamic approach to cyber security learning, these organisations can significantly enhance their resilience against cyber threats.

Developing dynamic cyber security learning capabilities is not just a theoretical exercise but a practical necessity. As the threat landscape continues to evolve, so too must the strategies employed to defend against it.

By fostering a culture of continuous learning, proactive leadership and adaptive risk management, healthcare software firms can build a stronger defence against the ever-present and ever-changing cyber threats.

In doing so, they will protect their operations and patients, and contribute to the broader effort to advance cyber security practices across the healthcare industry.

In an era where cyber threats are becoming increasingly sophisticated, healthcare organisations cannot afford to remain static. It’s not just about protecting data but about safeguarding lives.

The time to act is now: by building dynamic cyber security learning capabilities, healthcare organisations in SA can lead the way in creating a more secure and resilient healthcare system. IT leaders must champion these changes, ensuring their organisations are not just reactive but proactive in the face of evolving cyber threats.

* Based on a paper with PhD candidate Lawrence Nyakasoka, in the South African Computer Journal.
