Valuable insights and thought leadership.
- Breadcrumb News
- In The News
In the wake of Hurricane Harvey, American’s have rushed to issue support for those victimized by the devastating storm. People all over the country are donating to Harvey disaster relief efforts, but law enforcement officials and consumer watchdogs urge caution. When tragedy strikes, criminals invariably prey on people’s best intentions.
The Justice Department’s National Center for Disaster Fraud (NCDF), which was established to crack down on scams following Hurricane Katrina, released a statement on Wednesday warning of post-Harvey charity fraud. Scammers have been using Hurricane Harvey-themed messages to trick people into opening phishing emails and links on social media sites, which can steal login information, infect machines with malware, or con victims out of money.
Security comes down to three things: people, process, and technology. Process and technology, are largely handled by senior management and the IT department. Yet, people remain the leading cause of data and security breaches, with human error responsible for 52 percent of such incidents.
While this high rate of incidence is largely due to a lack of training – which we’ll discuss in our next post – the process must begin by developing a company culture that values data security.
The responsibility for protecting the company’s assets, including employee and customer data, is one that must begin to be seen as shared rather than assigned.
You wouldn’t take a road trip without first checking your oil and tire pressure, or fly in an airplane that hasn’t had its regular safety check. Similarly, you shouldn’t initiate company culture change without first assessing your current security posture. The initial assessment will expose critical risk factors and set the course for policy and procedure updates. Some organizations embark on a program to strengthen their security infrastructure without first performing a comprehensive assessment. That’s a mistake. They risk misallocating resources and failing to address their most critical vulnerabilities.
The rise in corporate cyber-attacks costs businesses billions of dollars. From startups to large publicly-traded corporations, it is rare that a day goes by without another story of a cybersecurity breach.
A quality IT department or outsourced IT firm is the first step in the defense against cyber threats. These professionals implement the basic tools to prevent many attacks. However, even with the most well trained, staffed, and funded IT department, your business remains just one click away from undermining those protections.
For decades, the technology industry has been on a pursuit for the holy grail of prevention. The notion was that if you spent enough money, then you could stop a breach. If you simply did what your IT vendor said, bought that new firewall, upgraded your software, etc., then you’d be safe. Today’s reality? This couldn’t be further from the truth. While prevention is crucial, it’s not enough. You simply cannot spend enough money to prevent your organization from becoming a victim. There is no such thing as a ‘secure network’, only varying levels of insecurity.
After two years of steadily increasing cyber threats that resulted in record numbers of compromised patient information, financially extorted health organizations, and publicly disrupted hospital operations, it is clear that cybersecurity is a major concern for healthcare executives in 2017 and beyond.
According to Karthik Swarnam, AT&T Vice President of Security Architecture, “Cybercrime damages are expected to rise to $6 trillion annually by 2021. This represents the greatest transfer of economic wealth in history and risks the incentives for innovation and investment.” The healthcare industry has become a prime target for cyber attacks, facing security issues that have financial and reputational impact for hospitals and other healthcare institutions.