These are important statistics to keep in mind when developing a strategy for defending medical records or general PII held by medical and healthcare providers. This info is certainly sobering.
I am posting this article not because I believe that all the premium LinkedIn customers need to run out and lay claim to their $1 payout. I am posting it because I believe it is important that we continue to point out that service providers and retailers and businesses in general have a responsibility to protect customer data through sound industry best practices.
This article does a great job outlining the truth of a data breach – it is about much more than just the losses suffered by the customer and there is a ton that can be learned after the fact. The post-mortem is an important part of security analysis.
As more and more information comes out about this attack and the malware used for infiltration, better defensive strategies can be developed and mitigation controls implemented. Financial institutions and IT security professionals supporting these institutions should take note and take action.
This is not a terribly surprising revelation in the grand scheme of things. At the end of the day, attackers still prefer target-rich environments and Windows is still the most prevalent platform to target. That said, vulnerabilities should be taken seriously on every platform because issues like spear phishing exist and criminals are more than willing to adjust their attack vector if the target is worth enough.
This is an intriguing new chapter in the Edward Snowden saga and the potential data captured and leveraged by the federal government. This article speaks specifically to the value of access to cryptographic keys that secure SIM cards and what that means to privacy.