The FBI recently issued a warning to healthcare providers that their cyber security systems are lacking, or not as good as those in other sectors, which makes them highly vulnerable to attackers and hackers searching for personal medical records and health insurance data. Healthcare data is highly valuable to hackers on the black market, as opposed to credit card numbers and data, because it tends to contain details that can typically be used to access bank accounts or contain prescriptions for controlled substances. The overall demand for medical information is very strong on criminal marketplaces, in large part because it takes victims longer to realize the information has been stolen and report it, and because of the different ways the information can be used.
When you receive alerts about cyber security breaches every morning, I try to identify a common thread that can be used by smaller businesses as a tool to reduce their exposure.
We knew the day was coming. As the cliche goes, all good things must come to an end. So even with the extensions and pressure from the Windows XP community, today marks the day that Microsoft is discontinuing support for the venerable Windows XP operating system. So what does this mean for the millions of XP users still using what at one time was Microsoft's most popular operating system ever? The answer is actually fairly simple and straightforward, although not necessarily what some companies will want to hear. The best way to ensure that your Windows XP systems are safe from newly discovered vulnerabilities is simply to disconnect them from the Internet.
President Barack Obama issued Executive Order 13636, which calls for the strengthening of "Critical Infrastructure Cybersecurity", nearly a full year ago on Feb. 19, 2013. Yesterday, the National Institute of Standards and Technology announced the release of version 1 of a Cybersecurity Framework.
Happy new year!
We know that writing a blog is fun, and you can get information out or just talk to a set group of interested people about a topic you like. This is great and gives all of us an equal platform for our opinions. There always seems to be one thing that we forget, though, and that is information security regarding our blogging material. We see a lot of exploits for WordPress on a regular basis. We have seen 6 exploits just in this month for WordPress and associated plugins.
A former co-worker of mine once mused, "De-nile is not just a river in Egypt," in response to a client who stated that the security problem we had identified didn't matter to him, his manager or, in fact, the organization. This was despite the fact that the company in question was paying my former employer vast sums of money so that they didn't have to employ those with the expertise, namely us, directly.
Data breaches cost global business billions of dollars annually, but by internalizing the lessons of breaches past, future incidents need not be so costly. The Ponemon Institute’s fifth annual Cost of Data Breach Study: Global Analysis, which analyzes the cost of data breaches globally, includes a pool of nearly 300 international businesses from 16 industries based in 9 countries. It offers critical insights into not only the cost of a breach, but also the major factors that increase and decrease the related damage to an organization’s bottom line.
Every company faces this dilemma at some point: an employee must be discharged from a job where they had access to confidential corporate data. The reasons are as varied as the people themselves. Perhaps the discharge is due to corporate downsizing. Maybe the company is changing its focus and the employee’s job has become obsolete. The worst scenario occurs when the company finds an employee doing something nefarious, such as stealing information or accessing confidential data for which they have no business responsibility, such as looking up the personal contact information for a client that the employee wants to date.
The Microsoft Security Response Center has a list it calls the 10 Immutable Laws of Security. Generally speaking, the list is pretty good. Microsoft is clear that there are times when companies can lose control of their assets to an attacker and that this is often the biggest fear business owners face. However, as with any list, it is limited and misses one of the most important Laws of Cyber Security. We will get to that in a moment.