Enterprise governance, risk, and compliance programs are designed, in important part, to ensure that companies stay on track and manage risk and uncertainty. Many organizations, due to the COVID-19 pandemic, are now finding whether their risk management and cybersecurity plans will work as intended.
Let’s face it: CIOs are quite busy as they drive forward with their digital transformation efforts, build their DevOps teams, and continue their work to ensure that their business-technology systems are aligned with business needs — and somewhere within all of that work they have to find a way to keep these systems secure.
As healthcare providers and public health agencies around the world find themselves pressed at capacity to deliver care during the novel coronavirus pandemic, attackers show no signs of mercy as they still target healthcare websites and IT systems — further stressing a system already taxed as patients seek critical care.
One of the biggest weaknesses in any environment is maintaining effective authentication and authorization controls.
Since 2007, security services provider Unisys has measured the level of security concerns among consumers. Unisys claims its “Security Index” is the longest-running snapshot of consumer views regarding security from around the world.
When it comes to critical infrastructure, there are few more essential than electricity generation and distribution. Without electricity, nothing else works. According to a report from cybersecurity firm Dragos, groups have shown that they have the capability to impact power operations and network connectivity detrimentally. "Electric utilities remain at risk for a disruptive – and potentially destructive – cyberattack due to the political and economic impact such an event may cause,” the firm wrote in its report North American Electric Cyber Threat Perspective.
While software developers are showing signs of high apprehension when it comes to the security of their software, their organizations however have considerable work ahead of them getting developers the tools they need to succeed.
What is security culture? There’s lots of talk about how important security culture is to a security program, but security culture is a nebulous concept to attempt to define — and harder still to measure. It’s also, apparently, difficult to achieve: a survey from the IT governance professional’s organization ISACA found that nine in ten enterprises said they have a gap between the security culture they want to have and the actual culture they have in place.
New research estimates, after all the breach data, is tallied, that by the end of 2019, healthcare-related data breaches will cost the industry $4 billion, and respondents to a recent survey expect those numbers to only increase in the year ahead.
Canada-based LifeLabs notified 15 million patients on December 17 that their personal information relating to healthcare, including name, address, email, login, passwords, date of birth, healthcare number, and lab test results, may have been accessed without authorization. Most of those affected reside within British Columbia and Ontario.
Healthcare organizations are doing everything they can to modernize and digitally transform their organizations, but by many accounts, healthcare remains a laggard when it comes to digitization. And as a recent PwC report reads, “The question for 2020 will be whether this digital transformation will benefit consumers—marking a new dawn for the US health industry and for the people whose lives depend on it.”
