Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

What CISOs Can Learn from ER Doctors

By Working Together and Sharing Missteps, Defenders Can Gain Crucial Security Insights and Prevent the Spread of Attacks

By Working Together and Sharing Missteps, Defenders Can Gain Crucial Security Insights and Prevent the Spread of Attacks

One of the areas that is still a major sore point in the security industry is cross-organization knowledge sharing. Most organizations operate in silos, unwilling to discuss their approach to security with any others for a variety of reasons. Part of this is to maintain security in itself – if others know what they are doing to protect themselves, potentially that knowledge could be exploited. But more often, it’s a fear of judgment or retribution that prevents companies from openly discussing their security tactics with others.

When a company faces a breach or another form of security failure, they are often vilified and “breach-shamed” by others, many of whom either claim they could have stopped such an attack or dissect the targeted organization’s supposedly poor security tactics or procedures. To avoid this potential criticism, too often these failures are whispered about in corners or hidden from broader view because organizations are worried about the repercussions to their financial performance or public perception, or worse, a legal ramification.

The fact is, every organization will be the target of an attack at some point. Instead of pointing fingers at one another when this happens, the best approach would be for security organizations to come together to discuss their learnings and move forward, to prevent the same thing from happen to others.

A great example of this in another industry is in healthcare. Doctors hold Morbidity and Mortality (M&M) conferences to learn from complications and errors, modify behavior based on previous experiences and prevent repetition of errors. The goal is to improve patient care and discuss learnings without fear of punishment or legal ramifications, and the meetings are held on a regular basis, often weekly or monthly.

M&M conferences are generally moderated by a senior physician and attended by all hospital residents, select attendees and other staff who may have intimate knowledge of the case, such as nurses, other physicians or lab personnel. The resident in charge of the patient will spend thirty minutes to an hour discussing the case, including the process, outcome, any potential errors that occurred and anything unique that they learned from the experience. Their peers then ask questions, discuss the case and decide on alternate approaches moving forward.

In addition to being a valuable way for physicians to understand cases other than their own and receive learnings from other doctors, these conferences benefit the healthcare industry and future patients. By sharing their learnings broadly, doctors can help ensure these mistakes aren’t made in the future.

These peer review conferences are effective largely because their proceedings are kept confidential by law. Certain states provide protection which prevents compelled disclosure of a peer review committee’s records or proceedings in a court case. So, in the event that a court case arises over the medical care discussed at one of these meetings, none of the meeting attendees can be forced to disclose any of the information that was discussed in court. This protects the physicians and allows them to speak freely about their cases, mistakes and learnings, without fear of legal ramifications.

In the security industry, we could do well to adopt our own version of M&M conferences. Rather than protecting our own security practices to a fault or targeting other organizations who have been breached, we should be working collaboratively in a similar way to better benefit the security industry as a whole. If we took a page from our physicians and worked together to share our missteps and move forward, we could provide crucial security learnings and prevent the spread of attacks.

Learn More at SecurityWeek’s CISO Forum

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

SecurityWeek speaks with two leading CISOs in the aviation industry – Mitch Cyrus of Honda Aircraft, and Mark Ferguson of Bombardier.