[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions
So onto the news:
4 takeaways from Ponemon’s 2015 healthcare security report
Ponemon’s recently published 2015 Study on Privacy & Data Security of Healthcare Data makes one point crystal clear: healthcare organizations must do more to protect sensitive patient information from the wide variety of data breach threats.
A shockingly high 91 percent of respondents reported falling victim to at least one data breach in the last two years. The majority of respondents had suffered 11 or more incidents. Healthcare IT teams understand that these percentages are unacceptable, but until now have largely failed to effectively mitigate data breach threats.
Only one-third of respondents stated they had sufficient resources to prevent or quickly detect a data breach, and just barely half had the on-staff technical expertise to identify and resolve data breaches. With limited resources available, healthcare organizations need to focus on leveraging technology specifically designed to enforce controls and defensive measures, especially automation tools that can be integrated into systems and processes. Well-implemented technological controls can bolster the effectiveness of the human and financial resources within an organization to better get ahead of attacks.
It is far more effective for IT teams to build layers of security closest to the items that require protection. If the loss of laptops is of great concern, encrypting hard drives that contain sensitive information will be more effective than adding new controls to VPN access. If preventing unauthorized access to databases and servers containing sensitive health information is the goal, IT teams should put security and auditing measures in place around privileged account credentials instead of attempting to build more firewall perimeters, which these accounts will likely have access to anyway.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fc53572630&e=20056c7556
Only 41 per cent of local government employees believe they’re protected against cyber-crime threat
The research, conducted on behalf of security software company Sophos by Dods Research, surveyed 2,728 local government and police workers across a wide range of disciplines. Almost half indicated a low level of awareness of cyber security and cyber crime across the general workforce.
It found that while 62 per cent of employees said they were planning to make savings by increasing or implementing shared services, only nine per cent are looking at consolidating their IT security services.
Nearly half (46 per cent) increased awareness of data security due to high-profile security breaches and upcoming EU legislation. When asked what their main concerns were from an IT security point of view – issues around data loss (47 per cent) came out on top of the agenda, followed by remote access (31 per cent) and targeted attacks (25 per cent).
But it found that despite 59 per cent of employees highlighting the demand for more remote and mobile working practices, public sector organisations are still sceptical about turning to cloud storage – with only 16 per cent using such tools.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=357df960cd&e=20056c7556
Security industry failing to keep pace with hacker innovation, Cisco warns
The Cisco 2015 Midyear Security Report outlines a number of major problems facing the security industry, including the Angler exploit kit, Flash vulnerabilities, ransomware and the time it takes to detect threats.
Up to 40 percent of people who encounter an Angler exploit kit landing page on the web end up compromised.
“Although Adobe frequently updates its Flash Player, many users are simply not quick enough to apply updates that would protect them from exploits targeting the vulnerability being patched,” the report noted.
The report identified ransomware as another cause for concern. “Ransomware encrypts users’ files – targeting everything from financial files to family photos – and provides the keys for decryption only after users pay a ransom,” Cisco said.
One major area of concern in the report is the fact that the average time to detection ranges between 100 to 200 days, which is extremely slow compared with how quickly cyber threats can now develop. “There can be lots of security technology but it’s rarely integrated. There can be 50 to 60 solutions all trying to stop an attack.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=106a229792&e=20056c7556
Combat IT complexity with operational intelligence
A report from analyst firm Quocirca, commissioned by Splunk, says that integrating business intelligence and analytics tools into operational processes helps companies to cope better with IT complexity and more intensive security measures.
The report, Masters of the Machine II, reveals that European businesses’ security concerns have risen by 25% since 2013. And security is not the only worry: data chaos and poor customer experience concerns are also up by 22% and 21% respectively compared with the 2013 figures.
The Quocirca research also points out how 68% of organisations with a “high” or “medium” reliance on the cross-channel experience have to deal with increased volumes of data from those channels, including mobile apps, social media and sensor-based devices. Businesses with a weaker OI capability struggle to know what is going on in the new media channels.
The report findings show that about 30% of organisations have no real coping strategy, even though most maintained the ability to respond in-house. These cases reveal a considerably lower operational intelligence index; a higher operational intelligence would allow them to understand what issues might occur, what issues have occurred, and work out how best to respond to them while minimising the impact of the system downtime on the business.
Tarzey says that nearly 75% of organisations are now using cloud-based software-as-a-service (SaaS) applications, with a similar number using infrastructure or platform-as-a-service (IaaS/PaaS) to deploy applications that run in third-party datacentres. That would not be a problem for operational intelligence tools, which “can be used on-premise, as SaaS or a hybrid of both”, points out Davies. He says an operational intelligence tool can deal with data regardless of source, be it on-premise or cloud, because “it is just machine data” to the tool.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=333013fe86&e=20056c7556
Building a Threat Intelligence Program: Gathering TI
We started documenting how to build a Threat Intelligence program in our first post, so now it’s time to dig into the mechanics of thinking more strategically and systematically about how to benefit from the misfortune of others and make the best use of TI. It’s hard to use TI you don’t actually have yet, so the first step is to gather the TI you need.
As always, we suggest you start by defining your problem, and then identifying the offerings that would help you solve it most effectively. Start with your primary use case for threat intel. Basically, what is the catalyst to spend money? That’s the place to start. Our research indicates this catalyst is typically one of a handful of issues:
– Attack prevention/detection
– Forensics
– Hunting
After you define what you need from TI, how will you pay for it? We know, that’s a pesky detail, but it is important, as you set up a TI program, to figure out which executive sponsors will support it and whether that funding source is sustainable.
The best way to figure out which data sources are useful is to actually use them. Yes, that means a proof of concept for the services. You can’t look at all the data sources, but pick a handful and start looking through the feeds. Perhaps integrate data into your monitors (SIEM and IPS) in alert-only mode, and see what you’d block or alert on, to get a feel for its value. Is the interface one you can use effectively? Does it take professional services to integrate the feed into your environment? Does a TI platform provide enough value to look at it every day, in addition to the 5-10 other consoles you need to deal with? These are all questions you should be able to answer before you write a check.
Many early threat intelligence services focused on general security data, identifying malware indicators and tracking malicious sites. But how does that apply to your environment? That is where the TI business is going. Both providing more context for generic data, and applying it to your environment (typically through a Threat Intel Platform), as well as having researchers focus specifically on your organization.
If you use multiple threat intelligence sources you will want to make sure you don’t get duplicate alerts. Key to determining overlap is understanding how each intelligence vendor gets its data. Do they use honeypots? Do they mine DNS traffic and track new domain registrations? Have they built a cloud-based malware analysis/sandboxing capability? You can categorize vendors by their tactics to make sure you don’t pay for redundant data sets.
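The two practical steps in the last two paragraphs, running candidate feeds in alert-only mode against your own logs and measuring how much each vendor's data overlaps with the others, can be tried in a few lines before any money changes hands. The script below is an added example, not code from the newsletter, Securosis or any TI vendor: the three feeds, the vendor names and the log lines are constructed for illustration, and the log format (key=value tokens such as query= and dst=) is an assumption about what a resolver or proxy might emit.

```python
"""Overlap check and alert-only matching across several threat-intel feeds.

Added example: all feed contents, vendor names and log lines are constructed
for illustration and do not come from any real vendor or incident.
"""
import re
from collections import defaultdict

# Constructed sample feeds: vendor -> raw indicators as a feed might deliver them.
# Mixed case and a trailing dot are included on purpose to show normalisation.
FEEDS = {
    "vendor_honeypot": ["203.0.113.10", "Evil-Domain.example.", "198.51.100.7"],
    "vendor_dns":      ["evil-domain.example", "phish.example", "198.51.100.7"],
    "vendor_sandbox":  ["198.51.100.7", "dropper.example", "203.0.113.10"],
}

# Constructed log lines in an assumed key=value format (resolver / proxy style).
LOG_LINES = [
    "2015-08-03T10:01:02Z client=10.0.0.5 query=Evil-Domain.example type=A",
    "2015-08-03T10:01:09Z client=10.0.0.8 dst=198.51.100.7 dport=443 action=allow",
    "2015-08-03T10:02:15Z client=10.0.0.5 query=intranet.corp.example type=A",
]

# Fields whose values are worth checking against the feed.
TOKEN_RE = re.compile(r"(?:query|dst|src)=(\S+)")


def normalise(ioc: str) -> str:
    """Canonical form so 'Evil-Domain.example.' and 'evil-domain.example' match."""
    return ioc.strip().lower().rstrip(".")


def build_index(feeds):
    """Merge all feeds into {indicator: set(vendors that listed it)}."""
    index = defaultdict(set)
    for vendor, iocs in feeds.items():
        for raw in iocs:
            index[normalise(raw)].add(vendor)
    return dict(index)


def overlap_report(feeds):
    """Per vendor: (indicators no other feed has, total indicators).

    A vendor whose unique count is near zero is mostly selling you data you
    already receive elsewhere.
    """
    index = build_index(feeds)
    unique = {v: 0 for v in feeds}
    total = {v: 0 for v in feeds}
    for vendors in index.values():
        for v in vendors:
            total[v] += 1
            if len(vendors) == 1:
                unique[v] += 1
    return {v: (unique[v], total[v]) for v in feeds}


def jaccard(feeds, a, b):
    """Pairwise overlap between two feeds: |A & B| / |A | B|, 0.0 to 1.0."""
    sa = {normalise(i) for i in feeds[a]}
    sb = {normalise(i) for i in feeds[b]}
    return len(sa & sb) / len(sa | sb)


def alert_only(feeds, log_lines):
    """Alert-only matching: returns (indicator, vendors) per hit without blocking.

    Matching against the merged index yields one alert per hit however many
    vendors carried the indicator, which is the de-duplication the text asks for.
    """
    index = build_index(feeds)
    alerts = []
    for line in log_lines:
        for token in TOKEN_RE.findall(line):
            ioc = normalise(token)
            if ioc in index:
                alerts.append((ioc, sorted(index[ioc])))
    return alerts


if __name__ == "__main__":
    for vendor, (uniq, tot) in overlap_report(FEEDS).items():
        print(f"{vendor}: {uniq} unique of {tot}")
    print("honeypot vs dns overlap:", jaccard(FEEDS, "vendor_honeypot", "vendor_dns"))
    for ioc, vendors in alert_only(FEEDS, LOG_LINES):
        print("ALERT", ioc, "seen in", ", ".join(vendors))
```

Run over a week of real logs during the proof of concept, the alert list answers "what would I have alerted on" for each feed, and the overlap report shows which vendors are supplying the same indicators by different collection methods; both are inputs to the categorisation by tactic that the text recommends before paying for redundant data.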
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5d2bcf2a49&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)