- Healthcare breaches continue in high numbers
- Vendor report details minority of healthcare providers can't meet NIST CSF criteria
- Healthcare providers can get back on track, but it will take a strong focus on an effective remediation plan
All about Virtualization and Cloud Security | Recent Articles:
Understanding the costs of data breaches is always tricky. So is deciding what variables need to be part of the equation, and so is determining the actual costs of such nebulous concepts as "customer churn." But whether or not it's possible to peg the precise cost of a data breach, there is plenty to learn from trying and from looking at trends. One lesson that is clear year after year is that it's regulated industries that pay more for data breaches. This year healthcare is the regulated market that spent the most due to a data breach.
On the evening of July 15, 2020, Twitter users watched one of the most high-profile attacks to occur in years unfold in real time as imposters sent a series of fraudulent Tweets from the accounts of about 130 celebrities, politicians, and tech industry luminaries: Tweets that promised to provide $2,000 for every $1,000 sent to a Bitcoin address. There are a number of important lessons here for all enterprises, but one that especially stands out.
Nearly a decade ago, Marc Andreessen wrote in the Wall Street Journal how software was “eating the world.” And in this age of digital transformation, that’s most certainly true. Software is now everywhere and consists of everything. Today, enterprises build more customer-facing and software-driven services than ever before. Software bots are automating manual processes, and software plays an increasingly central role in every machine and device we use.
A study of more than 5,500 companies within eight countries found that businesses affected by cyber incidents witnessed their losses rise from $10,000 per incident to $57,000.
Attacks targeting healthcare organizations just won’t let up. In early June, the University of California San Francisco (UCSF) announced that their IT team identified a limited security breach within a part of the UCSF School of Medicine’s IT environment.
As enterprises continue with their digital transformations by automating their manual workflows, moving existing applications to the cloud, and developing and deploying new applications at a record pace, they’re also rapidly increasing the complexity in their environments, and as a result security controls and processes that should be in place continue to slip.
We get so deluged with news stories about data breaches that it’s easy to lose sight of the forest for the trees. Consider the ForgeRock Consumer Identity Breach Report, a newly released report from ForgeRock, which found that more than 5 billion records were exposed last year. That’s a lot of information pertaining to a lot of people.
Enterprise digital transformations are making it even more challenging for enterprise security teams to properly manage and secure their environments. After all, digital transformations have rapidly increased the complexity of environments as technology teams strain to maintain existing systems, deploy new cloud services, manage IoT devices, and constantly develop and deploy more applications.
Since the very beginnings of the novel coronavirus (COVID-19) pandemic, businesses of all sizes have struggled to adjust to the new occupational normal. IT teams have not been immune to the disruption. Neither have information security teams for that matter. While employment in the IT sector remains much more resilient than other segments of the economy, employment in the IT sector still declined by about 1% last month, even as businesses compete for technical talent and continue digital transformations.
Passwords are a huge hassle. We all must use them, and generally hate doing so. There’s no way to sugarcoat it. The typical user has hundreds of username and password combinations that they must remember and manage. We all forget and must reset passwords regularly. And, over time, many of these accounts, along with the associated passwords, will be abandoned. And over time, they will be compromised. Because so many people reuse their passwords, those credentials will lead to data breaches.
In its sixth annual Data Security Incident Response (DSIR) Report, BakerHostetler found that phishing attacks ranked as the leading cause of data incidents among the 959 cybersecurity incidents the law firm helped clients manage last year. This is the fifth year in a row phishing proved to be the top cause of data security incidents in the law firm’s report.