Tag Archives: today

[ISN] Why Health Data Security Still Has Catching Up To Do


http://healthitsecurity.com/2014/11/17/health-data-security-still-catching/ By Elizabeth Snell Health IT Security November 17, 2014 There is no question that the healthcare industry and its subsequent health data security options have made great strides over the last several years. However, with cyber thieves more interested than ever before in medical information, it is essential for healthcare organizations to go beyond the standard HIPAA compliance standards. Mark Ford, Principal of Deloitte Cyber Risk Services, specializes in the healthcare industry and discussed the current cyber threats and health data security issues with HealthITSecurity.com. According to Ford, the healthcare sector has come a long way in the last five years alone. However, the industry is still behind others – such as manufacturing and financial services – in terms of implementing the necessary cyber risk prevention measures. “What I’ve seen over time is the industry is making progress,” Ford said. “It’s still kind of slow, it’s more reactive, and has a more compliant focus still. There’s a pretty significant gap between where they are today and where they ultimately need to be. The only way to close that gap is to obviously understand what it is and does to make sure they can lift themselves up to another level of maturity in the future.” For example, Ford explained that from the mid-1990s to the early 2000s, approximately 70 percent of the online threats to the healthcare industry were from insider threats. The rest was relegated to hacker threats. However, that has shifted as there are now different types of hackers. […]


[ISN] ISACA survey shows security disconnect for breaches, wearables

http://www.csoonline.com/article/2847313/security-awareness/isaca-survey-shows-security-disconnect-for-breaches-wearables.html By Maria Korolov CSO Nov 12, 2014 “This year was the year of the breach,” ISACA international president Robert Stroud told CSO Online. ISACA, a global association of risk and cybersecurity professionals, released its global IT Risk/Reward Barometer today, a survey of over 1,600 IT professionals and 4,000 consumers, in which 94 percent of Americans said they were aware of a major data breach at a retailer. But they just didn’t care. “We saw some consistently risky actions,” Stroud said. “Fewer than half changed their online passwords or pin codes.” Only 28 percent said they shopped less frequently at a retailer that experienced a data breach, and only 15 percent said they made fewer online or mobile purchases. […]


[ISN] Banks’ Concerns About Cyberthreats Grow

http://www.bankinfosecurity.com/banks-concerns-about-cyberthreats-grow-a-7486 By Tracy Kitten Bank Info Security October 28, 2014 Banking leaders say they’re substantially more concerned today than they were just six months ago about cyber-attacks and geopolitical threats aimed at the global financial system. That’s according to a report covering results of a survey conducted during the third quarter and published last week by the Depository Trust & Clearing Corp. The DTCC provides clearing and settlement services for banking institutions. Participants in the survey included financial stakeholders from throughout the world. Since March, when the DTCC last conducted its Systemic Risk Barometer survey, more global banking leaders say they see ongoing cyber-risks as posing increasing concern. They rate cyberthreats as the No. 1 systemic risk facing the global economy today. Banking institutions and other financial services firms surveyed by the DTCC say that in the past 12 months, they have increased their investments in systems and technologies designed to monitor and mitigate systemic risks, such as cyber-attacks and economic recessions that could collapse the global financial system. […]


[ISN] Facebook, Google, and the Rise of Open Source Security Software

http://www.wired.com/2014/10/facebook-builder-osquery/ By Cade Metz Enterprise Wired.com 10.29.14 Facebook chief security officer Joe Sullivan says that people like Mike Arpaia are hard to find. Arpaia is a security engineer, but he’s not the kind who spends his days trying to break into computer software, hoping he can beat miscreants to the punch. As Sullivan describes him, he’s a “builder”—someone who creates new tools capable of better protecting our computer software—and that’s unusual. “You go to the security conferences, and it’s all about breaking things,” Sullivan says. “It’s not about building things.” Facebook hired Arpaia in January, and in the nine months since, he and a small team of other engineers built a tool called OSquery, which aims to identify attacks on the thousands of machines used across the company, including both the servers that underpin Facebook’s vast online empire and the personal computers used by employees. OSquery is still under test at Facebook—and only on employee machines—but on Wednesday, the company open-sourced the tool, sharing the underlying code with the world at large. It’s another way of saying that people like Mike Arpaia are hard to find. On today’s internet, as Sullivan explains, you can’t buy your way to good security. If you run a large online operation like Facebook, you need more than just off-the-shelf hardware and software to protect the thing. “You can’t just install three appliances and go back to work,” he says. Today’s online operations are so complex, you’re forced to build your own security tools, tailoring software to your particular setup. In open sourcing OSquery, Facebook aims to help others do that—and in the process, help itself. Outside companies can use the tool—as some already do, according to Arpaia—but they can also help Facebook improve it. […]


[ISN] Army fitness standards for fat ‘cyber warriors’ may change as U.S. waistlines grow

http://www.washingtontimes.com/news/2014/oct/28/army-fitness-standards-for-fat-cyber-warriors-may-/ By Douglas Ernst The Washington Times October 28, 2014 The U.S. Army’s recruitment pool keeps getting bigger — around the waistline — a reality that is forcing its top brass to consider relaxing fitness standards for future “cyber warriors.” Maj. Gen. Allen Batschelet, commanding general for the U.S. Army Recruiting Command at Fort Knox, Ky., recently spoke of the challenges recruiters face in a nation where 70 percent of young people between the ages of 17 and 24 are ineligible to serve. “Today, we need cyber warriors, so we’re starting to recruit for Army Cyber,” Gen. Batschelet told the Florida Times-Union Oct. 23. “One of the things we’re considering is that your [mission] as a cyber warrior is different. Maybe you’re not the Ranger who can do 100 pushups, 100 sit-ups and run the 2-mile inside of 10 minutes, but you can crack a data system of an enemy. But you’re physically fit, you’re a healthy person and maintain your professional appearance, but we don’t make you have the same physical standards as someone who’s in the Ranger Battalion,” he added. The officer told the paper that successfully implementing such a decision would require the Army to undergo a cultural change that “is kind of a different definition of quality.” […]


[ISN] Why Data Breach at Staples May Not Matter

http://247wallst.com/retail/2014/10/21/why-data-breach-at-staples-may-not-matter/ By Paul Ausick 247wallst.com October 21, 2014 Office supply store Staples Inc. (NASDAQ: SPLS) confirmed on Monday that it is investigating a breach of payment card data at some of its locations in the northeast United States. The company has said little else except that it takes protecting customer data “very seriously” and reminds customers that they are not responsible for any fraud on their credit cards if the fraudulent activity is reported quickly. The news had at most a minor impact on Staples’s stock Tuesday. Shares opened down about 1.3% but clawed back to around flat for the day in afternoon trading. That’s not always the case when a retailer reports a data breach, but there are a couple of mitigating circumstances here. First, the company’s stock was upgraded early in September from Neutral to Outperform at Credit Suisse based on a possible merger between Staples and Office Depot Inc. (NYSE: ODP). We had our doubts about such a merger at the time, and Staples’s stock price has actually dropped back from a high around $12.75 at the time the upgrade was made to around $12.30 today. Also, Staples has not provided any detail on the number of records that were breached, but the thefts appear to have been limited to a relatively few of the company’s more than 1,500 U.S. stores. According to the Krebs on Security blog, at least seven stores in Pennsylvania, three in New York City and one in New Jersey were affected. […]


My latest Gartner research: Competitive Landscape: Carrier-Class Network Firewalls

Projects related to LTE, LTE-A, VoLTE and the Internet of Things (IoT) are key challenges for communications service providers (CSPs) today, given the new protocols and interfaces. CSPs’ goal is to increase service capabilities, which will in turn create the need for higher speeds …



[ISN] Hackers have broken into mainstream TV

http://www.usatoday.com/story/life/tv/2014/10/19/hackers-on-tv/17432191/ By Ann Oldenburg USA TODAY October 19, 2014 Hackers are hot. Yes, they tend to be villains in real life, making headlines for tapping into Target to steal credit card data, breaking into the cloud to snatch nude celebrity photos, and even breaching government firewalls to commit all sorts of top-level cybercrimes. But on TV? They’re the new heroes. “Hackers are often unfairly portrayed as super-bad people, super-evil people,” says Nick Santora, executive producer of Scorpion, CBS’s new hit about hackers who help solve high-tech threats. “The truth is, hackers can provide a valuable service. They can uncover government misdeeds, unfair corporate practices. Hackers have a skill set that most people don’t have. It’s a skill set that’s really useful and important. They’re the watchers of the watchers.” Scorpion, airing Mondays at 9 p.m. ET/PT, premiered to a lot of its own watchers in September with a healthy 13.8 million viewers and is the No. 2 new show this fall, behind NCIS: New Orleans. And, according to a study released last week, the show has had the most positive word of mouth of all the new fall broadcast network series. […]
