A coffee with… Ryan Witt, VP of Industry Solutions, Proofpoint

We see a tremendous amount of impersonation attacks, especially on IT help desks. We don’t have good controls around stopping that sort of attack. I have spent a lot of time lately, through the guidance of our advisory board, trying to analyse that market to see if we can bring a product or enhance our product to deal with that challenge.

The nirvana state for a threat actor is getting credentials, and the ultra-nirvana state is getting credentials for somebody with privileged access. The moment you have privileged access into a network, it’s like the world is your oyster.

How does your firm address these issues?

We provide deep threat insights, helping organisations understand who’s most likely to be attacked based on our extensive adoption in the market. But in healthcare, we go even further.

With input from our advisory board, we’ve segmented healthcare data into 12 categories—whether you’re a paediatric hospital, an academic institution, or a large health system, we provide targeted reporting on the threats you face.

We’ve also analysed a “typical” health system and identified 30 key departments that are most frequently attacked. In most cases, it comes down to exposure, visibility, and perceived access.

Some roles are naturally more vulnerable because they require downloading files, like HR or finance. Others are high-profile targets, such as executives or researchers. Then there are those who may not be public-facing but are assumed to have valuable access, like system administrators. If someone fits multiple risk factors, they’re a prime target.

We provide the data to show exactly where attacks are happening, making security decisions more strategic. Whether it’s technology, policies, or training, knowing where to focus makes all the difference.

Healthcare firms hit with four times as many cyber-attacks than global average

Why is cybersecurity adoption in healthcare so slow, despite the high risk?

It goes back to a major funding shift. In response to the Great Recession, the US government poured $40 billion into healthcare—but it wasn’t for security, it was for electronic medical records. To qualify, organisations had to meet compliance standards, which they did. But compliance is not security.

While other industries invested in cybersecurity, healthcare focused on checking compliance boxes. By the time that funding wave ended around 2016-17, healthcare was still vulnerable—and has been playing catch-up ever since.

Compare that to financial services. Today, you get instant fraud alerts from your bank: Did you just buy two waters at Sugarcane? Yes or no? That level of investment hasn’t happened in healthcare.

And threat actors know it. Healthcare has more monetisable assets than most industries—clinical research, intellectual property, controlled substances, and the perfect setup for identity theft. They target newborns (stealing an identity before parents can establish it) and hospice patients (who may not notice fraud in their final months).

Hackers see healthcare as the ultimate target: high-value data, slower security adoption, and massive financial incentives. Until healthcare makes the same security investments that banking has, it will remain a prime target.

As well as coffee, Ryan Witt likes wine and makes 110/120 cases yearly

What is your favourite piece of technology that you own?

In 2017, I had a Tesla Model S that was probably the best product I’ve ever owned and probably the best car I’ve ever owned. It was just so advanced. It was amazing. It looked great. It just did things, and you’d be like, “How does it know how to do all this stuff?”

I no longer own a Tesla… for other reasons. But that was a really, really amazing piece of technology.

How do you take your coffee?

I think my taste buds are changing. I used to be a hardcore dark coffee drinker, with an Italian press. For most of my life, I’ve gone for that really dark, super strong brew. Now, I like a latte with an extra shot. That’s how I do it. But I have to have an extra shot; it can’t be too milky.

Other than caffeine, how do you recharge?

I’m a winemaker. I have 31 vines on my property and, depending on the year and how good the sun was, I could get up to four cases of wine from that. And I’m part of a broader group of friends, seven of us in total, who make wine; collectively, we do about 110/120 cases yearly.

So, we make Cabernets, Zinfandel, and Pinot Noir. Some of it is from grapes we grow, and some from grapes that we buy.