Cloud Security: Pulling Back the Curtain
by Carbon Black, Inc.

Providers of Cloud services are gaining many small and mid-sized business clients because of the inherent convenience of those services. Such customers generally lack the staff to create and maintain a secure data infrastructure, and not having to build one is a selling point of Cloud services. Most small companies assume that the Amazons, Apples and Googles of the world have better protections in place for their customers’ data than the customer could ever have alone. While this might be true, let’s investigate the reality first.

The 2011 Verizon Data Breach Report indicates that 83% of all victims surveyed were felled by opportunistic attacks. These victims had publicly vulnerable computers accessible to the internet, fell victim to a mass phishing or drive-by-download attack, or had services with weak or default passwords. The remaining 17% were targeted. These victims possessed enough valuable data that it was worth finding a unique vulnerability in order to gain access to said data. Whether the vulnerability was human- or technology-based, uncovering it took significantly more time, money and energy, so the reward had to justify the cost.

Which category does your company fall into? If you don’t have an IT staff, or one that keeps abreast of the latest cyber threats, and you don’t have a lot of readily monetizable data, you probably fall into the opportunistic category. Hiring a Managed Security Service Provider to keep watch over your IT and data is probably a good idea. However, if you possess lots of PCI, PII, PHI, or intellectual property, your company falls into the targeted category and should be investing a considerable amount of money and human resources in security.

The vast majority of companies are somewhere between these two points. They are able to do basic security, but what they are protecting is not so valuable that legions of hackers are trying to break in. It’s these companies that should spend the most time assessing the additional risks of using cloud services.

A recent IEEE article found that “the majority of the cloud service providers felt that security wasn’t really their domain but that of their customers.” That’s not to say they aren’t providing any security at all, just that it’s not their focus. When you look at the fierce competition in this space, can you blame them? What’s worse, even the National Institute for Standards and Technology (NIST) doesn’t think cloud providers should be responsible for securing the data they possess. In fact, their definition of “cloud” seems to be in stark contrast to security. They use words like “convenient”, “on-demand”, “shared”, and “minimal management effort”
