Wednesday, February 19, 2014

Cisco, health care reports show no industry is safe

Data breaches clearly aren't limited to retailers like Target. Cisco's annual security report predicts "unprecedented growth" for more and more advanced attacks coming in 2014. Mobile devices are clear targets, with about 99 percent of mobile malware affecting the Android platform. The behavior of mobile users tends to be less guarded, leaving devices with "unanticipated weaknesses and inadequately defended assets."

Network infrastructure is also increasingly targeted by cybercriminals "with the goal of proliferating attacks across legions of individual assets served by these resources." And organized cyber crime is maturing, with diverse motivations ranging from Robin Hood-type attacks to those aiming to score cold hard cash. There are public versus private sector battles and those seeking a financial payout versus inflicting vindictive damage on reputations.

No industry is safe. Cisco cites malware as becoming more directed toward oil, gas and energy companies than in the past.

Then there is health care. Another recent report by Redspin says over 7 million patient health records were recorded as breached in 2013 alone, an increase of over 138 percent year over year. 29 million patient health records have been affected since reporting became mandatory with the HITECH Act (Health Information Technology for Economic and Clinical Health) in 2009. Despite HIPAA regulations, 83 percent of the 2013 breaches resulted from theft—about 35 percent were from someone stealing a piece of hardware like an unencrypted laptop or other portable device. Was the data used for malicious purposes? Probably not. In most cases a drive is probably wiped for a quick sale. But the law is clear that unencrypted data out of a controlled situation is breached.

The Cisco report wraps up by summarizing their recommendations as "verifying trustworthiness and improving visibility." Readers are encouraged to approach security from a real-world position. Cyber security is an ongoing battle, with new fronts opening up as quickly as others are conquered, or at least holding ground.
“Come to an agreement as to what is most important from a cybersecurity perspective,” says Gavin Reid, director of threat intelligence for Cisco. “This is a more productive approach than hoping to find a magic pill that can fix everything.”
Short of a magic pill, CTOs and CISOs need to be looking for—and finding—security at all levels. A technology like Uplogix Local Management won't disappoint. When it comes to network infrastructure security, at a high level, Uplogix:
  • Maintains secure software and configurations | Updating the software on, and configuration of, network and communications devices in the face of constantly evolving security threats
  • Secures Administrative Console Access | Ensuring appropriate and audited access and compliance with policy by the technicians, sometimes employees sometimes not, that you rely on to maintain network and communications gear