Cloud Security: Pulling Back the Curtain
by Carbon Black, Inc.

The providers of Cloud services are gaining lots of small and mid-sized business clients because of their inherent convenience. Such customers generally lack the staff to create and maintain a secure data infrastructure, which is a selling point of Cloud services. Most small companies assume that the Amazons, Apples and Googles of the world have better protections in place for their customers’ data than the customer could ever have alone. While this might be true, let’s investigate the reality first.

The 2011 Verizon Data Breach Report indicates that 83% of all victims surveyed were felled by opportunistic attacks. These victims had publicly vulnerable computers accessible to the internet, fell victim to a mass phishing or drive-by-download attack, or had services with weak or default passwords. The remaining 17% were targeted. These victims possessed enough valuable data that it was worth finding a unique vulnerability in order to gain access to it. Whether the vulnerability was human- or technology-based, uncovering it took significantly more time, money and energy, so the reward had to justify the cost.

Which category does your company fall into? If you don’t have an IT staff, or one that keeps abreast of the latest cyber threats, and you don’t have a lot of readily monetizable data, you probably fall into the opportunistic category. Hiring a Managed Security Service Provider to keep watch over your IT and data is probably a good idea. However, if you possess lots of PCI, PII, PHI, or intellectual property, your company falls into the targeted category and should be investing a considerable amount of money and human resources in security.

The vast majority of companies are somewhere between these two points. They are able to do basic security, but what they are protecting is not so valuable that legions of hackers are trying to break in. It’s these companies that should spend the most time assessing the additional risks of using cloud services.

A recent IEEE article found that “the majority of the cloud service providers felt that security wasn’t really their domain but that of their customers.” That’s not to say they aren’t providing any security at all, just that it’s not their focus. When you look at the fierce competition in this space, can you blame them? What’s worse, even the National Institute of Standards and Technology (NIST) doesn’t think cloud providers should be responsible for securing the data they possess. In fact, their definition of “cloud” seems to be in stark contrast to security. They use words like “convenient”, “on-demand”, “shared”, and “minimal management effort”
