I am seeing more and more stories about the breaches in the
healthcare industry. What I am not seeing is a strategic push to fix the
problem.
From the Verizon breach report we get to see that most of
the breaches are due to the human element.
Hacktivists seemed to be responsible for about 58% of the documented
attacks. Just 4% were attributed to
insiders, which means that 1/3 of the breaches were due to the acts of
cybercriminals. The report states that
97% of the breaches could have been avoided by simple “basic or intermediate” security
controls, and that 69% of the
attacks used malware for access. More than a little sad was the stat that 92% of
the breaches were discovered by a third party. There is also the stat that 94%
involved compromised servers. Couple that with the stat that 85% took
more than two weeks to be discovered.
The additional information from the breach report
paints a clear picture: most businesses have not started to make data
security the priority it needs to be. You
need to look at what the data is and how you need to use it. Then you design the system to protect it and
you. Once the system is built and running, you test it and then retest it to
make sure it works for what you need it to do. Then you monitor the system on a
daily basis, looking for the clues that someone is trying to attack you.
It is not as hard as you might think, and I firmly believe it
will be more cost effective to do than, say, paying for a breach of data.