Imagine you walk into a pharmacy to get a critical medicine that you need right now. The pharmacist says, “we can’t fill your prescription because your insurance provider’s system has been hacked.”

This is not a science fiction. It has been a week since Change Healthcare’s (a subsidiary of UnitedHealthcare) system has been hacked by BlackCat, the same group responsible for recent ransomware attacks on MGM and Caesars. Many pharmacies around the country are struggling to fill prescriptions due to the disruption caused by this attack. The company has been working hard to resolve the issue but it is still not resolved. Unfortunately this is way too common—so common that people have stopped paying attention to it. There are hundreds of reported ransomware attacks each year including dozens on healthcare facilities. When you hear about cybersecurity impacting business continuity, remember: the "business" in this case is us, human beings.

No one wants breaches and yet they occur. In my numerous conversations with CISOs and CIOs, I sense their apprehension. I also sense a tool fatigue. Despite their best intentions and earnest efforts, they are finding it increasingly difficult to navigate the cybersecurity maze. AI-led attacks are both easier to launch and surprisingly difficult to defend against due to their sophistication. As the attack vectors continue to evolve and expand, traditional threat-based defense approach is simply not good enough. Unless and until business and technology leaders adopt comprehensive risk-based and outcome-based approaches, in close collaboration with the larger cybersecurity community, it is going to be a game of whack-a-mole.

All it takes is one hacker to launch an effective attack but it takes a village to defend against it.