From ransomware and malware to the Internet of Things, midmarket IT leaders are staring down a number of security threats, often with limited resources at hand.
Paul Shipp - Cybersecurity Specialist - Door County Medical Center
Shipp is part of a team of nine people responsible for the IT needs of a Sturgeon Bay, Wis.-based critical access hospital: a class of medical facilities that target rural US areas. The team manages 1,000 endpoints and 200 servers while grappling with the challenges of finding technical talent and keeping budgets in check.
"We are already a small team. Everybody's wearing multiple hats, everybody's got multiple responsibilities," Shipp said. "One of my jobs—one of my hats—is to try to figure out how can we a) cut costs, b) actually implement security that we need to implement, and c) do it without burning people out."
It's a task made more difficult by the fact that hospitals like Door County Medical Center make attractive targets for hackers.
"You can talk to any security expert and they'll tell you health care is the No. 1 [target]. Specifically, midsize health care is at the top of attackers' lists."
One item on Shipp's wish list is to implement a new security training programme for the hospital's employees.
"You want to have a successful security training programme, but I work with doctors and I don't want to [make them angry].
"One of the things that I'm looking for is maybe we can find a better security training solution that's maybe a little cheaper but, more importantly, will not make them upset and make them want to actually [complete the training]."