There’s a new kind of developer in town. These developers have no training in software languages, and no computer science degree. But they are building apps in the enterprise to get their jobs done.
All about Virtualization and Cloud Security | Recent Articles:
It’s well known that insiders pose a significant threat to enterprise security.
Cloud security has been perceived as the main issue of Cloud ever since the cloud first became a reality for enterprises. And despite many efforts to protect cloud services against data breaches and other attacks, recent research shows that much uncertainty, concern and turbulence remain when it comes to ensuring that data in the cloud is secure.
In the recent post, Healthcare Security Lapses: No Signs of Slowdown, we discussed just how big the challenges are to securing healthcare data. To get a sense of what healthcare providers may be doing that are hampering their efforts, we turned to a long-time hospital chief information security officer, Eric W. Cowperthwaite. Cowperthwaite served at Seattle–based Providence Health & Services as its first Chief Information Security Officer for more than seven years. Cowperthwaite also served as the first Information Security Officer of Medi-Cal (California’s Medicaid program), where he established a formal information security program.
Should the salaries of CEOs be linked to how well their company has protected itself against security threats?
British MPs certainly seem to think so.
Healthcare-related data breaches just are showing no signs of slowing down. Just last week, the Stamford Podiatry Group was reported by the U.S. Department of Health and Human Services Office for Civil Rights to have suffered a hacking/IT incident that exposed the records of 40,491 people. Days later, the same office reported that Washington DC, VA Medical Center suffered a physical record theft that exposed 1,062 individuals.
If no one trusted the Internet, what would that mean for online business—or even for business in general? Even as so many consumers and businesses rely on the web to conduct all kinds of transactions, fears about data breaches and loss of privacy has many people spooked about sharing personal information online.
We’ve been writing a lot about cybersecurity insurance - most recently in Cybersecurity Insurance: Closing the Widening Risk Gap. This is a fast-moving market, and one I think that will increasingly affect how enterprises help manage cybersecurity risks. And, in the long term, insurance may even help enterprises more cost effectively and efficiently reduce risk. But the road there is going to be filled with bumps and false starts – if that end state will be reached at all.
Have you trained your employees to be on the lookout for bogus emails?
In reaction to the rising complexity and increased damage of certain cyber-attacks, more enterprises have been turning to threat intelligence as a way to stay tuned to the risks. Last year, Enterprise Strategy Group released a survey that found 72% of organizations planned to increase their threat intelligence programs this year.
Some argue that successful information security is a matter of getting the technology right. Others contend that it’s more about training and education. I think both views are valid, but neither is complete. Good information security is about technology design and deployment, to be sure. But it’s also about people and the right processes being in place.
It seems no matter how hard enterprises try, no matter what investments in security controls and processes they make, and no matter how much they strive to harden their systems, data breaches, data manipulation, cyber extortion and other attacks on availability are going to happen. Just like taking precautions to protect themselves from fraud and theft, or natural disasters like hurricanes, tornados, earthquakes and fires. Industry takes steps to mitigate these risks, but can’t eliminate these risks. Cybersecurity is much the same.