Welcome

Dealing with Data Security is a newsletter for IT Security Managers, delivered straight to your inbox every week.

Your time is valuable, and there is no shortage of blogs, magazines, websites and whitepapers pertinent to IT security to review... possibly too many. This newsletter aims to cut through the clutter and deliver quality, yet concise, information that will help you keep up to date on what is relevant to your field.

Each newsletter is designed to be read in its entirety in 10 minutes or less. This lets you get back to keeping the bad guys out of your systems and fighting the bad habits of your associates.

If you haven't signed up yet to receive it, just click the button below for your complimentary subscription.

Eye-Popping Stat of Week

Asigra, a cloud backup software provider, is citing new research that shows "significant growth" in digital threats to patient health information (PHI). The threat is concentrated in electronic health records (EHR), whose use continues to explode.

According to a 2012 Healthcare Information and Management Systems Society (HIMSS) Analytics report titled Security of Patient Data, among the 207 data breaches that affected more than 500 healthcare organizations over the past 12 months, 27% reported a security breach, compared with 19% in 2010 and 13% in 2008. 69% of the organizations that experienced a breach in the last year reported experiencing more than one breach. When asked about the factors contributing to healthcare industry data breaches, 31% cited the use of mobile devices to store health information and 28% cited the sharing of health information with third parties. This has resulted in a significant number of class-action lawsuits where the possible liability may surpass U.S. $4 billion.

Big Time Data Breach of Week

A system misconfiguration and incorrect access settings are the culprits in a decade-long data breach, according to officials at the University of North Carolina at Charlotte. The breach exposed the financial data and Social Security numbers of about 350,000 people. The official statement from the school said that it did not believe any of the data was used for criminal purposes.

"The university has no reason to believe that any information from either of these incidents was inappropriately accessed or that information was used for identity theft or other crime," it said. Both problems have been corrected, according to the school. One problem had lasted about 3 months, but the other was more than a decade old. The school encouraged anyone concerned about fraud to place a free fraud alert with the credit rating agencies.

Security Hole of Week

Simon Bain, chief technology officer of cloud search specialist Simplexo, has spoken out on the need for companies to use more, and more sophisticated, tools after the high-profile data breach at Global Payments. Bain said, "Firms rely on firewalls and tokens for authentication, but these tools are obviously not enough, based on how many people are getting access to data these days that shouldn't."

Bain went on to say, "In that case (Global Payments), around 1.5 million credit card details were exposed. People should be looking at that and asking themselves, 'how do we stop that happening to us?' But they don't." Bain's view, and that of his firm, is that one gaping hole is the fact that the majority of companies do not encrypt their data. "Allowing unencrypted data to be held in a database is unforgivable [because] people's private data should be just that," he added.

Shiny New Object of Week

As the economy slowly begins to warm up again, business travel is on the increase as well. With this ever-increasing mobile workforce, there is certain to be an overload of gear and gadgets. Already bursting pockets and overloading bags are tablets, smartphones, cords and batteries. CIO magazine took a look at 10 great mobile devices for the traveling business pro. Here is just one of their product reviews, the one that focuses on mobile data security.

From CIO: "The LOK-IT is an encrypted flash drive that offers hardware authentication which renders it impervious to key loggers or other spyware. The secret passkey must first be keyed into the built-in number pad before plugging the LOK-IT into a USB slot, where it appears as a normal storage volume. Unplugging it automatically locks it, which is as fool-proof as you can get. Moreover, the LOK-IT is platform-independent and will work on any operating system and even office appliances such as scanners, projectors and other mobile devices with USB OTG."

Current Featured Article

Pentagon Expands Private-Public Cyber Security Program

This week, the Pentagon announced that it is going to expand a cyber security trial program it has been conducting. The program teams the government with Internet carriers to protect defense contractors' computer networks against data theft by foreign adversaries.

This expansion is part of the Pentagon's much larger effort to broaden the sharing of classified and unclassified cyber threat data between the government and industry. The Department of Defense (DoD) believes that the collaboration has shown promise and is a good effort to thwart cyber criminals through public and private sector cooperation.

“The expansion of voluntary information sharing between the department and the defense industrial base represents an important step forward in our ability to stay current with emerging cyber threats,” Ashton B. Carter, deputy secretary of defense, said in announcing the move Friday.

The Defense Industrial Base enhanced pilot program was started about a year ago. The program included 17 companies that volunteered to have commercial carriers such as Verizon and AT&T scan e-mail traffic entering their networks for malicious software. Outgoing e-mail messages that show signs of being redirected to illicit rogue sites get blocked so they cannot be directed to an enemy's network. The carriers use classified threat data provided by the National Security Agency (NSA) to screen the traffic, as well as unclassified threat data provided by the Department of Homeland Security.

Carter commented further that the defense industry's expanding reliance on the Internet for daily business has exposed sensitive information held on network servers to the risk of digital theft. Experts in and out of government have noted that corporate cyber-espionage, mainly originating from China and Russia, has reached epidemic scale.

“It’s the best example of information sharing that helps in an operational way,” said Eric Rosenbach, deputy assistant secretary of defense for cyber policy. “We haven’t heard of any other country that’s doing anything like this — a really collaborative relationship between government and private sector.”

Rosenbach conceded the program was not perfect. “We’re definitely not claiming this is the silver bullet when it comes to cyber security for the defense firms,” he said. “It is an additional tool they can use to mitigate some of the risk of attacks.”

Kevin Feather, Editor, Dealing with Data Security