Dennis E. Leber, PhD, assistant vice chancellor and chief information security officer for Information Technology Services at UTHSC, has been named to the inaugural Top 100 CISOs (C100) listing by CISOs Connect. Honorees were selected among distinguished security leaders across the U.S. by the CISO Board of Judges.
“This award means a lot to me,” Dr. Leber said. “The selection committee comprises peer CISOs from top organizations and being recognized by your peers holds tremendous merit. It is a true honor, and I feel like I stand among giants.”
Dr. Leber, also serves as the chief technology officer and the HIPAA security officer at UTHSC. He leads the Security Preparedness and Response initiative (SPAR).
SPAR offers a multitude of resources and training for the campus around cybersecurity related topics. “Knowledge and education are paramount in mitigating this,” Dr. Leber said. “Additionally, when developing security controls and IT systems, we must follow the people, processes, and technology concepts. Putting people first solves many issues with security and IT solutions.”
When utilizing technology and software, Dr. Leber says to ask: How does this software opens doors to our organization? How does this hardware open doors to our organization? How does the way we access this solution open doors to our organization?
Other top cybersecurity threats that impact universities, according to Dr. Leber, range from ransomware, theft of intellectual property, malware, bitcoin mining malware, to attacks from nation-states waging war on the U.S. in the cyber realm.
Institutions involved in health care and research are also particularly targeted by cyber criminals. Organizations in particular who were involved with COVID-19 research and the vaccine were a significant target throughout the pandemic.
“Research and health care data are very profitable. The theft of research data is desirable and often stolen, so the criminals may duplicate, fill the gaps in their research efforts, and in turn, sell the product,” Dr. Leber said. He said it is also important to be vigilant in guarding against theft of patient data. “Stealing patient data provides all the information required to become that person, yet theft of health care data goes beyond that. The ability to collect health care profiles and DNA sequences on a population facilitates creating bioweapons that target specific identities,” he said.
The UTHSC Office of Cybersecurity address cybersecurity threats through numerous strategies while partnering with organizations such as the FBI, the Research and Education Networks Information Sharing and Analysis Center, which serves the Higher Education Research community in coordinating, collaboration and sharing cyber threat intelligence and best practices.
“The University of Tennessee Health Science Center is very fortunate, given the global state of heightened cybersecurity to have someone of Dennis’s caliber leading our defenses against nation state actors, ransomware threats, and a multitude of cyber threats we are facing in these unprecedented times,” said Kennard Brown, JD, MPA, PhD, FACHE, UTHSC executive vice chancellor and chief operations officer.
ITS is also implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework which helps organizations understand cybersecurity risks, threats, vulnerabilities and how to reduce those risks with customized measures. They also follow the Center for Internet Security Top 18, which are the top 18 controls, which if implemented, are proven to reduce the risk to an organization by 80 percent. The Cybersecurity Incident Response Team is continuously monitoring cybersecurity for the campus.
However knowledge is power when staying vigilant against cybersecurity attacks. A top priority for the UTHSC Office of Cybersecurity is filling the knowledge gap among employees and members of an organization so they understand the risks technology presents to the organization based on their behaviors.
“People are the paramount resource for defending our campus and colleges,” Dr. Leber said.
For cybersecurity preparedness topics, resources, best practices videos, or to connect with the Office of Cybersecurity, visit their website.
CISOs Connect is a membership only organization comprised of chief information security officers through Security Connect.