Q&A: Regional Director of Asia-Pacific for Medigate, Luke Zappara
In the digital age, cybersecurity is vital. As companies and different sectors move into a more digital sphere to stay contactless in the face of a global health crisis, keeping data safe is of utmost importance. As the worldwide health sector makes moves to go online, there is still the threat of cybersecurity breaches. Regional Director of Asia-Pacific for Medigate, Luke Zappara, discusses what this means for healthcare, and why a breach of information privacy is a real-world threat.
HCC: Medigate is looking to expand its program to the Asia Pacific. What made you come to this decision?
Luke: We were fortunate enough to meet several Australian health executives at an industry event in London who have since become some of our most valued clients in the region, initially supporting the area from our headquarters in Tel Aviv. We take great pride in delivering an unmatched client experience, but with increasing demand and a growing client base, it was clear this could only scale with a local team on the ground to support our clients.
HCC: Now that digital healthcare services are becoming more mainstream due to the overall safety in the face of COVID-19, some areas of the world still find it difficult to gain access to these advancements, therefore making them more vulnerable to cybersecurity threats. Does Medigate have strategies that take this issue into account as well?
Luke: Cybercriminals don’t discriminate, and the fundamental elements that expose the healthcare sector to these threats are relatively consistent across the globe. In many cases, it is more about education than budget availability.
We are passionate about educating the health sector. We believe that everyone should have access to the latest security research, industry insights and education, which is why Medigate Threat Labs plays a vital role in our Research and Development function. They monitor trends, identify new threats, uncover vulnerabilities, provide expert analysis and document industry best practices to address healthcare’s most prevalent threats.
We regularly participate in joint cyber research programs with our industry-leading technology partners to publish white papers and publicly available guides to assist organisations in implementing a successful security strategy.
Where financial constraints exist, we work with clients and partners globally to develop a solution and layered strategy that addresses the immediate risks while providing the budget flexibility they require.
HCC: Human error, as unfortunate as it may be, can still be a big factor when it comes to cybersecurity breaches. What quick tips do you have that could help curb this factor better?
Luke: It’s really about building regular security awareness into everyone’s daily routines and workflows. This can be achieved through formal and ongoing training, regular communication and understanding of the latest tactics or fishing content, plus other common-sense tips (like avoiding thumb drives you find in the parking lot). Each element helps the education process and comes together to create a subconscious behaviour that becomes second nature.
HCC: With lots of systems and sectors shifting into the digital phase, cyber criminals are getting craftier. How does one, especially those not so versed with technology, distinguish a threat from a non-threat?
Luke: The first step is easier than you may think; by locking down cyber-physical processes, setting up your detection capabilities based on existing knowledge of authorised device workflows, you can make real progress. In other words, if you know what a device is supposed to do, what function it needs to perform, who is allowed to use it, and who can communicate with it, then it’s pretty easy to monitor/detect unauthorised behaviour.
The magic in threat processing is the ability to instantly correlate this data with known vulnerabilities and threats for the potentially impacted devices and then pair that knowledge with the tailored remediation instructions without impacting service delivery. Superior threat processing requires a detailed and accurate awareness of the devices connected to your network. They go hand in hand, which is why we do both.
Note: Answers have been edited for style and length