The big challenges in the recruiting is that great talent is in short supply and most talent acquisition strategies are broken. Executive hiring managers are interested in ONLY one thing – whether internal or external the ability to not only Identify, but to recruit exceptional talent. When you evaluate an executive search firm, look for two things. One do you have the capacity to perform research to identify target competitors and passive candidates, and two, do they have experience in cold calling, a deep network, and reputation of getting referrals?
Most Companies Fail to Properly Evaluate an Executive Search Firm
Most common is to go with the big name search firm. The issue there is you pay a full fee regardless of outcome, other than the principals teh recruiting force is a revolving door, and a bad track record in retention. Secondly, if you are a startup to mid-cap you really need the expertise of a team that specializes in your industry; known as niche recruiting. Most big name search firms work across all industries without specialization. while that diversity may work for a CFO or Board role, it falters with lack of a deep network within your industry.
What you should look for is a retained search firm that not only has the industry expertise but has a sound evidence-based recruitment process management system utilizing Ai predictive validity. It all begins with a discovery step where the search strategy is built upon defining the objectives of the role and learning what the role with do with the required skills, not just the having of them.
Next is using scientifically based psychometric to determine team dynamics and thus the search form can then develop a target candidate profile and custom search strategy. A great recruiter will define prior desired accomplishments in a similar environment and make sure candidates are screened who have similar. Rather than accepting verbatim the experience and skills required, a good recruiter will drill down to ascertain in what environment and product / service those skills are used in , again further screening candidates to validate they actually can meet the objectives of the role.
The Job of Hiring Managers to Evaluate an Executive Search Firm
For almost 30 years, we often run into Hiring Managers that say just send them resumes and they will determine which candidates to interview. Which of course begs the question, why would you be paying a search fee? You can simply hire an RPO to troll job boards or have HR post job openings to dozens of web sites. Great hiring managers know three things:
- They don’t have the time to go through an in-basket full of unqualified resumes
- They know that the one-size-fits-all resume is perhaps the poorest document ever created. It is generalist, vague, and rarely indicates if the candidate has used required skills WITHIN a similar environment, as well as accomplishments tend to be exaggerated and without verifiable substance.
- Great hiring managers know that professional successful executive search consultants are good at what they do and do not pretend to be a Hiring Manager who may be a CXO or VP of engineering or sales or whatever. So why do so many Hiring Managers assume they are great recruiters? Trust me, in all my years, it is less than 1% who are good at both roles AND those who can do both are very successful startup entrepreneurs in early stage building their executive team.
Finally ALWAYS evaluate an executive search firm by three factors
- Candidate placement retention rate is far and above client retention rate. That is because some companies will prefer the cheapest or who best serves HR rather than the client on the whole. For instance, NextGen has an average 93% in 4.5 years are still working for that client whereas we have lost new searches with the same client to other firms with an average 2 years or less of placement retention.
- The average replacement guarantee for contingency is 30 to 90 days, which of course should alarm you as the confidence in the quality of candidates presented for you to hire just can;t be that good. Basically any average “C player” can be presented and hired and a company not realize in under 90 days wow that hire is just a body filling a space. The average retained is 90 days to 6 months while a very few will go one year. At NextGen we offer a full 24 to 46 months replacement guarantee.
- Executive levels with MBOs – most retained search firm you will pay the entire fee without regards to an actual hire or success within 60 to 120 days. For many they believe you are paying them for their reputation and experience, NOT for their success.
For more information on how to effectively evaluate an executive search firm, download the PDF to compare what NextGen Global Executive Search does to others.
Embracing next technology healthcare without adequate preparation will only open new risk avenues and threat vectors for healthcare cyber attacks. Technology is perceived as a solution to address operational inefficiencies within the healthcare industry and to expand the reach of high quality healthcare services to remote regions. But the risks are mounting.
Vulnerable Devices for Critical Medical Practices
The proliferation of smart technologies will encompass the healthcare industry in coming years. Digital devices such as smart pacemakers and insulin pumps are used widely today, and the next generation of smart technologies will cover a variety of critical cardiovascular, respiratory, and neurological medical practices. However, next technology healthcare devices aren’t immune to sophisticated attacks. In control of malicious actors, vulnerable smart medical devices can deliver the killer blow to patients instead of maintaining stable health.
Cloud Vulnerabilities for Healthcare Cyber Attacks
Cloud connectivity is critical to access patient information anywhere-anytime, a promise that’s driving transition to the cloud for healthcare institutions. PHI data is effectively stored in off-site data centers beyond the control of healthcare providers originally in charge of maintaining patient data privacy and security. Any vulnerability in their cloud networks is an open invitation for hackers to compromise sensitive patient information.
Unlike cloud vendors subject to stringent compliance regulations, patients themselves are unable to secure IoT-connected medical devices at home. A malware infected dialysis machine could be part
of a DDoS attack intended to bring down the entire network infrastructure of a hospital. Since IoT devices come from multiple vendors, through different processes and offer different technologies, it’s not entirely possible to maintain a consistent standard and control around healthcare cyber attacks and IoT device security.
Next Technology Healthcare Cyber Attacks to Mobile Apps
Healthcare providers adopting telemedicine practices using smartphone health apps may not realize or control the personally identifiable information shared with third-party advertisers. These apps run on mobile platforms vulnerable to security threats, especially when the OS is not updated to apply the latest available security patches.
Considering the general lack of security awareness among patients using outdated mobile app and OS versions, and fall prey to mundane social engineering ploys, the industry has a long way to go before considering mobile apps as secure channels to offer effective firewalls and security against healthcare cyver attacks.
Do you think the next technology healthcare industry is ready to take a deep dive into cyber security adoption without adequate preparation and fixing loopholes that exist within the technology itself?
Recruiting expertise in medical devices and electronic health records
Need an executive search consultant with deep knowledge and contacts in the medical field? NextGen has identified and recruited key personnel ranging from principal / chief engineers in software development, systems design, and embedded wireless to directors and VPs in sales, business development, and technology to president of business unit for medical device manufacturers, electronic health records developers, clinical integration, and bio medical research and development.
Ransomware is distributed as a social engineering ploy via email, malicious links and malvertizing, among other techniques. A proactive ransomware mitigation strategy for EMR is needed as once a user falls prey to these human exploits, ransomware is downloaded to the victim’s computer to begin the malicious process.
The virus attempts to connect with encryption-key servers, takes hold of public encryption keys and uses various encryption algorithms to encrypt mission-critical data on the network.
This data typically includes file formats of PDF, JPG, and Microsoft Office extensions. Basic OS recovery and reboot systems are disabled. The compromised data is moved, renamed, encrypted, and renamed again to ensure the required data cannot be queried using actual file names when ransomware is executed, which is when ransom is demanded via Bitcoin or other digital money transfer services. At execution, the start-up screen and several basic features are also locked until this payment is processed.
Why a Proactive Ransomware Mitigation Strategy for EMR Matters
Despite the prevalent security awareness, phishing schemes and drive-by-downloads remain one of the most effective techniques to deliver ransomware payloads onto target computers. To combat ransomware, a proactive ransomware mitigation strategy is to set up systematic corporate security training programs to prevent ransomware payload delivery onto your EHR systems in the first place.
Employ expert social pen-testers to phish your own staff. Emulate real-world exploits but do no ream harm to your organization or employees. Establish gamification-based rewarding programs to encourage dedicated adoption of security best practices. And yes, prior executive approval will be required to prevent awkward situations.
Secondly, it’s best to perform social penetration testing procedures on a separate, isolated network infrastructure such that sensitive data remains inaccessible and uncompromised. This strategy will essentially build the most effective line of defense against ransomware: the human firewall.
Advanced phishing attacks are known to bypass standard spam filtering standards set up by email clients. Another part of a proactive ransomware mitigation strategy for EMR is to establish strong spam filtering techniques such as blacklisting and whitelisting email and IP addresses, and real-time blackhole lists that are maintained by third-party security providers. Use content-based filters to ward off malicious content that’s most relevant to your organization.
Email validation systems such as Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and Domain Keys Identified Mail (DKIM) can prevent phishing emails from reaching your workforce. Establish strong administrative and access controls to prevent unauthorized and unintended downloads of executable files via email or the Web – even legitimate website could be compromised to deliver ransomware as downloadable content.
Strict controls that allow the absolute least user privileges to appropriate users will reduce the proportion of workforce who can inadvertently facilitate ransomware delivery to the corporate IT network. This approach will prevent anomalous and unauthorized downloads, installations, data transfer, editing and encryption from taking place.
Furthermore, streamline the updating, patching and validation processes for every tool used in the EHR systems. Most of the ransomware attacks exploit known vulnerabilities that remain unpatched. Standardizing mass rollout of updates across all systems is a time-consuming and cumbersome process if the operating systems and software are installed on local hard drives.
Organizations that maintain such systems take months and sometimes years before evaluating, authorizing and installing updates individually on each computer. On the other hand, organizations that maintain virtualized and cloud-based environments for the delivery of desktop OS and electronic heath records solutions can automate and streamline the process of software updates.
Although these measures drastically reduce the chances of successful malware delivery to your systems, your organization should be prepared to tackle the threat of ransomware infection and prevent execution of malicious programs. For instance, another proactive ransomware mitigation strategy is to limit user privileges and controls to install software against targeted file extensions.
If an installation is critical, the process should be flagged and transferred to a sandbox environment for detailed security assessment. Unauthorized changes to medical devices, files and data sharing should be blocked to prevent potential ransomware processes from executing.
Proactive Ransomware Mitigation Strategy for EMR Advanced Security
Deploy advanced security solutions that would detect anomalous processes, raise the alarm and cut-off compromised systems from the network to prevent the malware from spreading. Maintain an efficient backup recovery system that performs data backup in real-time and can be used to retrieve mission-critical data in a matter of minutes, as required. Consider using differential backup techniques that preserve the only the new changes performed to data that’s already backed up.
The minds behind ransomware attacks intend to hold this data to hostage so that victims are left with no option but to process the payments. If you can access this data using alternate means within acceptable schedule, the ransomware attack is rendered useless and you can eventually get security and IT experts to clean up the infected systems.
Finally, a sound proactive ransomware mitigation strategy for EMR is to coordinate with your security solutions providers and federal agencies to report possible ransomware attacks – they may already have relevant information and could be able to crack down on the perpetrators with the additional reporting, thereby preventing future attacks from the same sources.
Need help recruiting Cyber Security Professionals for HL7 or EMR Development?
NextGen Executive Search as successfully recruited and placed software developers, analysts, firewall and firmware design, sales, and product management for clinical integration, healthcare patient records management vendors, including medical device manufacturers for over 20 years.
Healthcare is unprepared for cyber attacks and as the cybercrime threat landscape for medical devices and electronic health records is evolving at unprecedented rates this lack of preparation does not bode well. The malicious intent of financially motivated or state-sponsored cyber-criminals was best served by victimizing financial institutions, power infrastructure and the business sector.
The sheer wealth of profitable consumer information stored within the servers and IT networks powering these industry segments have attracted cyber attack interests for decades. At the same time, these industries are investing vast resources to strengthen their security posture. Cyber criminals pursuing easier targets are aiming for the healthcare industry instead, where a similarly vast deluge of sensitive personally identifiable information powers increasingly digitized healthcare services from less-secure network infrastructure.
Inherent Loopholes as Healthcare Is Unprepared for Cyber Attacks
Healthcare institutions excel in medical practices but are inherently prone to security attacks. 2017 might have seen only a limited number of successful attacks, but make no mistake that healthcare is unprepared for cyber attacks and this is a very real threat, and here’s why. The future of healthcare centers are paperless medical practices. Digital patient information stored in network-connected servers is a recipe for disaster unless strong security defense capabilities are in place to ward off sophisticated cyber attacks. And that’s precisely the problem with the healthcare industry they are woefully unprepared for technology adoption.
While the government and the industry is pushing to embrace Electronic Health Record (EHR) systems, the same attention is not given to invest in strong security solutions, technologies, and processes across the widening industry of healthcare institutions, hospitals, surgery centers and EMR/EHR management providers.
Equating Compliance to Security: Global regulatory authorities enforce strict laws to ensure security of digital health records and electronic systems used in the healthcare industry. However, these laws are designed to establish and maintain a minimum standard of security capabilities and practices. The risks could be far worse and varied. Therefore, it becomes more obvious why healthcare is unprepared for cyber attacks by maintaining compliance standards such as HIPAA do not translate into strong security capabilities.
Lack of Security Awareness: A significant proportion of life-threatening spearphishing and ransomware attacks are designed to exploit the human element. Random clicks to malicious links by unsuspecting workforce in the healthcare industry cost millions of dollars in damages. Inadequate workforce education and training on maintaining security of digitized records and new healthcare technologies is prevalent in the industry considering the simple root causes of these costly attacks.
Lack of Resources: Many healthcare institutions do not operate on the same IT security budget in comparison with financial and business organizations. A recent conducted by The Ponemon Institute finds healthcare organizations rate their ability to defend against cyber-attacks at a meager 4.9 out of 10.
Outsourcing May Alleviate Healthcare Industry Unprepared for Cyber Attacks
Healthcare institutes work to excel in the services they have to offer, and tend to outsource critical healthcare IT operations. These IT service providers are subject to strict regulations including HIPAA, whereas healthcare organizations cannot accurately assess the risk of business associates or ensure security of Protected Health Information (PHI) shared with them.
When the United States’ military stealth tech bomber was rumored and then when it made a public debut, it was the first-time advanced stealth technology was a reality instead of something out of a science fiction novel.
Even as the US was working on the tech to hide the profile of the bomber, work was underway on how to detect it. Since unmanned aerial vehicles (UAVs) are now an internal part of the world’s major militaries, stealth tech is integral to these aircraft. Again, the US is leading the pack, but China, France and Great Britain are also making major strides with China closing the gap rapidly.
Where concealment is concerned with military matters the top things that must be hidden are:
- Signals: radio, electrical or laser
Staying as quiet as possible is critical as next generation long-wave infrared search-and-track sensors worries some analysts about the engine and propeller noise. Anyone who’s ever heard a small civilian drone knows the buzz. Helicopter pilots say they do not fly but beat the air into submission and create a lot of noise at the same time. Prop and jet-driven UAVs are sound machines.
The private sector is making strides in killing propellor noise. While the Rowe brothers creation, a shroud around the prop, is designed for drones in the movie industry, the sound-killing tech can easily translate across to UAV applications with a few tweaks. Another company has tweaked the propeller blade to get a noise reduction.
Silencing the jets on UAV may also take a page from the civilian world. Georgia Tech and Lockheed Martin are tackling the jet noise issue on several fronts. NASA is investing heavily into a new generation of supersonic passenger planes that promise “60 to 65 decibels per boom (at least as heard from the ground).” A normal conversation is 60-70 decibels at 3-5 feet.
Heating Things Up in Military Stealth Tech
Combustion is hot. Electrical motors cut way back on the heat produced, but batteries add weight which reduces flight time. One solution being explored by some is a combination UAV. It runs off a fueled engine until it closes in on a target, then switches to battery operation. This cuts the heat signature and the noise when noise-reduction measures are also included. Mission accomplished, it eases away and restarts the engine to either recharge the batteries for another run or the ride home.
It may appear that sacrificing stealth to move is a trade-off that must happen. Not precisely. A UAV must fly, but it the body of the UAV does not have to change shape. In a conventional aircraft, ailerons move. These dictate how a plane turns, climbs and descends by changing the shape of the wind foil (wing or rudder). The blades on a stealth helicopter are often a giveaway.
A new military stealth tech drone from BAE Systems in MAGMA in-flight trials has no moving external parts. As Popular Mechanics reports, ‘Control surfaces can also affect an airplane’s carefully shaped stealth profile, as the fin-like device moves upward or downward, momentarily making the aircraft slightly more visible to radar.”A slight advantage is all that’s needed to get a lock and take measures against the incoming craft.
See Me Now
Hiding by color is the oldest form of stealth around; think stripes on a tiger. Mirrors that reflect the surroundings are great for hiding, depending on the surroundings. But cloaking tech vis a vi Harry Potter invisibility cloak or a Klingon cloaking technology may not be as silly as it sounds. It is a step closer to reality. This kind of tech has the possibility of blocking everything but sound; muffling technology will take care of that.
Electrical and Radio
Hiding transmission signals is very difficult to do. Radio waves, even a tight beam, are going to spread. Using code, rapid frequency jumping and burst communications are ways around eavesdropping. Laser communication is the best we can do right now to avoid detection. Since lasers spread very little, intercepting means being in the direct line of transmission, which then becomes easy to detect because of signal degradation or transmission delays.
The arms race does not have a finish line. As soon as a new advancement comes online, someone is hard at work trying to defeat it. The South China Morning Post says the military there has a “T-ray,” terahertz radiation, radar that penetrates anti-detection coatings on manned and UAVs. This is not new tech, but a modification of existing technology. T-rays are used in industrial applications to spot defects in layered metals.
As Defence Aviation says, the key to defeating the military stealth tech may be as simple as incorporating a whole suite of detection systems into one array. While a UAV may beat one, two or three of the detection methods, that means it must compromise on something else.
The U.S. Navy and Lockheed are already working in these areas of stealth technology thereby creating the need to develop even more sophisticated sensors that cue radars about the invisible blackbirds that roam our skies,” the website says.Retired USAF officers Maj. Gen. Mark Barrett and Col. Mace Carpenter sought to answer in a report, “Survivability in the Digital Age: The Imperative for Stealth,” produced by the Mitchell Institute for Aerospace Studies. “Over the long run, the U.S. will engage opponents who field increasing numbers of powerful digital multi-band radars,” the authors wrote.
The Future in Military Stealth Tech
To see what tomorrow can bring, look to science fiction. What was pure speculation 50 years ago is now held in your hand, so you can watch funny cat videos downloaded from a server on the other side of the planet. The race for better military stealth tech can be in two camps.
Cloaking technologies which are already underway and anti-gravity. Conspiracy theory websites are full of stories of government work on anti-gravy devices but have little in the way of concrete proof of the claims.
So is anti-gravity going to be a thing? No one knows. But it is being researched. Get past the “how could it work” to “what could it do” and the implications are stunning. We already know gravity can bend light so using the tech to thwart detection systems should be even simpler.
However, making anti-gravity happen is many years off, if ever. Newer military stealth tech aircraft are on the horizon in the USAF B-21 and the Navy’s X-47B UAV.