February 11, 2018 - Eugene, Oregon
The Second Line of Defense
There are so many existing solutions offering ‘data security’ protection today. It can be very difficult, let alone challenging, to wade through an understanding of what they actually do and how any one or several can help you achieve a ‘real sense of security’ for the data in your business. One of the first aspects of defining your data security strategy is when and where to be ‘Proactive’ versus ‘Reactive’.
A data security professional tasked with providing secure access and data protection may find the solutions available are plentiful, complex and confusing. Do you use SIEM, IAM, some version of UEBM or a combination?
Each of these are critical to providing Data Perimeter Security; enabling authorized access to critical systems so that business can be conducted both internally and externally. Data security professionals manage devices, people, various entities authorized to access applications and data at the core of the missions critical systems required to make business happy safely and securely.
When you take a good look at your Data Security Profile; you’ll either see a complex array of solutions and systems woven together in a layered protective architecture, or you’ll see a patchwork of minimal components that may or may not provide the security and protection you really need or want.
Are you faced with gaps in your current data security architecture? If you could fill those gaps with a cost-effective, platform-independent encryption solution with key management and tokenization to protect your business data today, would you? Could you afford not to?
The successful cyberattacks of 2017 demonstrated the following: cyber criminals are getting more sophisticated, the profile of those attacked is widespread and indiscriminate, ranging from the enterprise, to small and medium businesses, as well as individuals. With the emerging Internet of Things (IoT) used to access business and personal data, transactions, and Cloud-based services, the one common variable is ‘wetware’, the device between the keyboard/touchscreen and the seat – the Human Factor.
When a cyberattack occurs inside the healthcare Industry, personal, medical, and even financial information are often stolen, making for a highly desired data set that can be used for identity theft, medical fraud, financial misdemeanors, tax fraud and insurance fraud. In many instances the data is auctioned off to the highest bidder resulting in even greater damage than typical financial data breaches and theft.
Healthcare IT systems are often more prone to breaches than any other industry IT systems due primarily to the underinvestment in maintaining up-to-date operating systems and devices. In spite of regulations like HIPPA, HITECH ACT, ARRA, ACA and the HIPAA OMNIBUS RULE, the healthcare industry continues to struggle with the balance between regulations, patient confidentiality, and adapting to new technologies. This resistance to change is especially challenging because there are constant changes to service provider networks, insurance companies, and medical device technologies. The use of mobile access, which now allows these technologies to work together, adds an additional layer of complexity to protecting sensitive data. Combined, all of these frequent changes within the technological landscape effect everyone and every aspect of doing business within the healthcare industry.
If your organization is big enough to mandate a data security audit, it’s big enough to be a target for a variety of cybercriminals, hackers, identity thieves, or any other bad guys lurking around the Internet. Making sure your organization can pass a data security audit isn’t just a good idea—it’s a great way to prevent and deflect cyberattacks, saving you a great deal of time and money in averted data and public relations damage control.
Surprisingly, many organizations fail data security audits. This can occur when the organization does not have adequate notice or is not properly prepared for an examination. On the flip side, just because an organization passes a data security audit does not necessarily mean they are completely prepared for attacks either. One thing is for sure, failing an audit is a sure sign there is a weak link inside the organization’s cybersecurity and encryption strategy.
With 90% of employees violating data breach prevention policies, how do you get the attention of your employees to avoid the same mistakes?
The biggest threat to your firm’s data security might not be hackers in Russia or China; it could be much closer than you think. It could be your own employees. Your employees are the ones who constantly use, work with, transfer, and create sensitive organizational data on a daily basis, so it makes sense that they’re the ones who are most likely to accidentally (or intentionally) expose important information.