Cloud Security: Pulling Back the Curtain
by Carbon Black, Inc.

The providers of Cloud services are gaining lots of small and mid-sized business clients because of their inherent convenience. Such customers generally lack the staff to create and maintain a secure data infrastructure, which is a selling point of Cloud services. Most small companies assume that the Amazons, Apples and Googles of the world have better protections in place for their customers’ data than the customer could ever have alone. While this might be true, let’s investigate the reality first.

The 2011 Verizon Data Breach Report indicates that 83% of all victims surveyed were felled by opportunistic attacks. These victims had publicly vulnerable computers accessible to the internet, fell victim to a mass phishing or drive-by-download attack, or had services with weak or default passwords. The remaining 17% were targeted. These victims possessed enough valuable data that it was worth finding a unique vulnerability in order to gain access to said data. Whether the vulnerability was human- or technology-based, uncovering it took significantly more time, money and energy, so the reward had to justify the cost.

Which category does your company fall into? If you don’t have an IT staff, or one that keeps abreast of the latest cyber threats, and you don’t have a lot of readily monetizable data, you probably fall into the opportunistic category. Hiring a Managed Security Service Provider to keep watch over your IT and data is probably a good idea. However, if you possess lots of PCI, PII, PHI, or intellectual property, your company falls into the targeted category and should be investing a considerable amount of money and human resources in security.

The vast majority of companies are somewhere between these two points. They are able to do basic security, but what they are protecting is not so valuable that legions of hackers are trying to break in. It’s these companies that should spend the most time assessing the additional risks of using cloud services.

A recent IEEE article found that “the majority of the cloud service providers felt that security wasn’t really their domain but that of their customers.” That’s not to say they aren’t providing any security at all, just that it’s not their focus. When you look at the fierce competition in this space, can you blame them? What’s worse, even the National Institute of Standards and Technology (NIST) doesn’t think cloud providers should be responsible for securing the data they possess. In fact, their definition of “cloud” seems to be in stark contrast to security. They use words like “convenient”, “on-demand”, “shared”, and “minimal management effort”
