Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse

This article details a disturbing trend in Health Care and Academia concerning an utter lack of cyber preparedness.  From a health care perspective, from my experience, I believe this problem is largely fed by the false comfort provided by compliance efforts.  More specifically, the concept of Meaningful Use has lulled medical providers into thinking they are actually safe from attack or breach.  This problem is further exacerbated by the false sense of security provided by cyber insurance policies.

Businesses desperately need to realize that compliance does not by any stretch of the imagination mean you are secure.  Insurance cannot protect your reputation or insulate you from the follow-up events after your policy has been cancelled due to a breach.  The threat must be taken seriously and addressed accordingly with valid IT security measures grounded in a best practices approach.

http://www.darkreading.com/risk/healthcare-is-ignoring-cyber-risk-intel-academia-even-worse--/a/d-id/1319702

Cybercrime Is Now More Profitable Than The Drug Trade

The headline of this article says a great deal about where we are as a society in our war against cyber crime.  Deeper into this article, you will see statements about the lack of confidence many institutions have in the face of these threats.  Now is the time to act.  Take your IT Security seriously.  PCI DSS 3.0 is another strong step in the right direction, but compliance is not a panacea.  A lowest common denominator approach will leave you vulnerable.  You can’t simply lock the front door and hope you are safe.  Criminals know you have a back porch and are willing to climb through an open window.

http://www.tripwire.com/state-of-security/regulatory-compliance/pci/cybercrime-is-now-more-profitable-than-the-drug-trade/

Man escapes from jail after sending fake bail email

This article was simply too good not to share and shows the lengths to which criminals can and will go in creating an effective phishing or spoofing mechanism.  Don’t lose sight of the fact that this individual successfully social engineered his way out of prison while actively incarcerated.  Imagine what a good criminal can do from the comfort of his or her own home.

https://nakedsecurity.sophos.com/2015/03/31/man-escapes-from-jail-after-sending-fake-bail-email/

Worst Sports-Related Passwords

Given all the fun currently underway with the NCAA tournaments, I thought this would be a worthy article to pass along.  Password management is always an important conversation and these sports-related passwords are important to note and avoid.  Remember the value of a good passphrase.  “Wildcats” as a password can get you in trouble, but “IwanttheWildcatstolose!” will keep you much safer.

http://www.darkreading.com/endpoint/worst-sports-related-passwords-/d/d-id/1319578

Bankrupt RadioShack to Auction Off Millions of Customer Records

I read this content from a couple of sources over the last two days and continue to be disturbed each time I see it come up on my feeds.  I understand the profitability surrounding the data RadioShack is auctioning off, but it is beyond unethical for them to go down this path given the privacy agreement that led to the collection of the data to begin with.  This is yet another example of the nature of data once provided to 3rd parties.  Be aware and prepared.  That audio cable you purchased 12 years ago for your home stereo may lead to your addition to several less-than-savory email lists.

http://www.tripwire.com/state-of-security/latest-security-news/bankrupt-radioshack-to-auction-off-millions-of-customer-records/