Healthcare Data Breaches Have Grown 125 Percent in Five Years

By | May 26th, 2015|Breach, Uncategorized|

There has been a noticeable uptick in the number of criminal attacks against healthcare facilities in the last five years. Ponemon recently released its Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, which reported a 125 percent increase in cyber attacks targeting healthcare data. The major shift in healthcare data breaches, according to the study, is that cyber criminals are intentionally targeting and exploiting healthcare data rather than accidentally coming across it during their exploits.

This shift to active pursuit of healthcare data shows that cyber criminals understand the value of healthcare data on the black market. Through our recent research, we have found that a medical identity, which includes a name, address, Social Security and health ID numbers, sells for $50 on the black market. A Social Security number sells for $1 and an active credit card sells for $3. The shift to digital healthcare records may also be a major contributing factor to the increase in healthcare breaches. Starting this year, healthcare facilities that do not show “meaningful use” of electronic health records are penalized, causing facilities to scramble to put records online.

The healthcare industry is a green market when it comes to following best security practices, which is why we’ve put together the top three ways healthcare organizations can keep their patient records secure:

  1. Educate employees. The most important part of having a secure network is making sure your employees are compliant with security standards. Educate employees on how medical identity theft happens and what to do from a HIPAA standpoint to keep patient data safe.
  2. Track, encrypt and password-protect mobile devices. Employees are connected via mobile devices more than ever, whether or not you have a formal BYOD policy. Be sure to create a policy that puts strict limits on how patient data can be viewed and shared on devices.
  3. Create an identity crisis response plan. If your healthcare data is breached, make sure to have a crisis plan in place, including communication with patients. Maintain the plan by training staff on relevant policies and procedures.

Are you surprised by the value of medical identities on the black market? How else can the healthcare industry get up to speed on best security practices? Let us know what you think on Facebook, Twitter and LinkedIn.

Cyber Monday Shopping Tips

By | November 28th, 2014|Uncategorized|

Cyber Monday’s coming up – fast. Shoppers may be feeling a little antsy because of the major retailer breaches that have occurred over the past year, especially the Target breach that happened right around this busy time last year. We’re determined to see a breach-free shopping season this winter, so here are a few suggestions to take into consideration as you gear up for Monday’s online shopping extravaganza.

Purchase on a safe network
Planning on doing some online shopping on Cyber Monday? Avoid making purchases on public Wi-Fi – like in a coffee shop – and stick to making purchases while you are at home on a secure network. Public Wi-Fi hot spots are susceptible to man-in-the-middle attacks that allow cyber criminals to intercept your personal and credit information when you are making an online purchase.

Look out for phishing attempts
Cyber criminals will be using email phishing scams, enticing consumers with hot holiday deals to get them to click on an insecure URL. Look up store deals by going directly to the website of that business.

Don’t store credit card information
Many websites will want you to store credit card information for an easy, one-click purchase experience. While it sounds convenient, storing your credit card also creates unnecessary risk. If you lose your mobile device or if an online account is compromised, cyber criminals will have easy access to the stored credit card information. To take this a step further, consider encouraging your favorite shopping sites to store their data in dedicated servers, as these servers can help prevent cyber criminals from gaining access to any credit card information.

Reset passwords
Reset passwords for high value accounts like email, social media and banking accounts after Cyber Monday. Use unique, long and strong password combinations. This will help ensure that even if there is a breach, these high value accounts will remain safe.

Use reputable retail sites to shop
Look for HTTPS in the URL to make sure the site is safe while you’re shopping. Stick to retailers you know are reputable, have good return policies and are secure.

Use a credit card for online purchases
It’s much more difficult to recover money lost due to fraudulent purchases on debit cards compared to credit cards. Use a credit card in preparation for the worst-case scenario – a retail breach.

Any additional security best practices you plan on using this Cyber Monday? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Cyber Security Takeaways From South By Southwest Interactive

By | March 20th, 2014|Uncategorized|

Cyber security was a hot topic this year at South by Southwest Interactive (SXSWi), the digital, film and music festival held in our headquarters city of Austin, TX. We took part in the security discussions by sharing some mobile security tips, hosting a networking party Saturday night and participating in three SXSWi panels. Take a look at our SXSWi activities and what we learned.

CSID President Joe Ross and CIO Adam Tyler Shared Mobile Security Tips

Before the festival started, Joe and Adam got behind the mic and in front of the camera to share mobile security tips. Joe, on KLBJ radio, and Adam, on KXAN News, both discussed how a large event like SXSWi attracts cyber criminals, as there is an onslaught of out-of-towners and a tendency for conference-goers to use public Wi-Fi. Here are a few suggestions they shared with the audiences to help protect against mobile risks during the festival:

  • Avoid using public Wi-Fi and use a VPN for added security, if possible.
  • Use a different mobile passcode during the festival and then change it back to your original code when you travel home.
  • Be cautious about downloading new apps during the festival. Always download apps from a credible app store.

We Hosted Our Annual “Protect Your Buzz” SXSWi Party

We held our annual “Protect Your Buzz” party at Star Bar on Saturday during SXSWi and had a chance to connect with security professionals, strengthen partner relationships and celebrate our hardworking employees. And as always, we enjoyed food from our favorite Tex Mex caterer – Valentina’s!

CSID CIO Adam Tyler Demonstrated the Power of a Malicious $20 Hacked Router

In his “When Good Technology Goes Bad: Mobile Technology” solo panel, CSID CIO Adam Tyler showed how inexpensive, readily available technology can be hacked into a malicious device used to create “man-in-the-middle” attacks. Here are the key takeaways from his panel:

  • If you must connect to Wi-Fi on your laptop, take a moment at the end of your session to “forget” the network. This can help you avoid man-in-the-middle attacks that allow malicious technology to connect to your device via past networks. Smartphones and tablets, however, do not have the capability to “forget” networks, so the best policy is to not connect to public Wi-Fi at all.
  • Make sure your mobile device does not automatically connect to Wi-Fi. You should always manually choose a secure Wi-Fi connection on your device.
  • While technology can be manipulated into malicious devices, you should never be afraid of using technology. In fact, the better informed you are about technology, the better armed you are to protect against the bad.

Internet Privacy Lawyer Parry Aftab Partnered with CSID to Talk Reputation

The hour-long SXSWi panel, “That Was the Old Me: Managing Online Reputation,” featured CSID’s VP of Product and Marketing Bryan Hjelm and renowned Internet privacy lawyer Parry Aftab. They discussed how personal and business digital presences have evolved in our fast-paced world and the implications of a damaged online reputation. Some crucial lessons:

  • Suppression services can help hide unwanted, and many times untrue, articles, web profiles, etc. that can hurt a reputation.
  • Hiring managers are looking at social media more than ever to determine whether a candidate is fit for a job.
  • The excessive reuse of passwords across multiple websites and the frequency with which teens share their passwords can put many at risk for identity theft, which can lead to damaged reputations as well as injured credit.

Two Child Online Safety Advocates Discussed Child ID Theft in a Roundtable Discussion

In CSID’s third security panel, “Growing Up Unprotected: Child ID Theft,” CEO of Inflection Point Global Chris Crosby and CEO of Lookout Social Clay Nichols discussed how child ID theft should be a top privacy concern for parents. Here are some lessons learned from the discussion:

  • Children have a digital footprint before they are even born! This early digital footprint can make cyber criminals aware of a fresh identity on which to prey.
  • Many parents are unaware that child identity theft is a growing problem, since there are many other frightening cyber challenges they face, such as cyber bullying.
  • To combat cyber criminals, parents can start the digital safety conversation early with children. Let kids know why they should not share their passwords with others and educate them on what is appropriate to post on social media.

News Recap: Realities of Cyber Threats Continue to Concern Financial Sector

By | March 14th, 2014|Uncategorized|

As companies and organizations continue to fall prey to cyber attacks, the financial sector is on high alert and hoping for changes that might alleviate their worst fears.

John McCrank of the Chicago Tribune reported on how the current state of cyber security is impacting the world’s exchanges. McCrank quotes Magnus Bocker, chief executive of Singapore Exchange Ltd, saying, “We are worried a lot and we are far more worried now than we were just a couple of years ago. Spending on cyber security is on the rise, but exchanges need to do a better job of sharing information with each other on effective ways of combating cyber criminals.” Meanwhile Jeffrey Sprecher, head of New York Stock Exchange comments, “The scary thing for us is not what we control, because we all are focused on it… The reality is we all have common customers that are connected to us, that are connected to each other.”

Vipal Monga of the Wall Street Journal shares the concerns of financial consultants, quoting principal of Rudolph Financial Consulting, Max Rudolph: “Risk managers have become more aware of general vulnerabilities in their computer networks and will likely continue emphasizing the risk to their corporate boards and management.” Monga writes, “Almost half of risk managers saw cyber security as an emerging risk in 2013, up from 40% in 2012, according to a survey released Thursday by the Society of Actuaries.” Monga concludes by mentioning the surprising fact that, for risk managers, the greatest concern in the cyber security conversation is the potential for regulatory changes to negatively impact the nation’s financial growth, as many believe the worst of our financial crisis is in the past.

What sort of defenses should the financial sector be promoting to protect the exchanges from cyber threats? Are there any regulatory measures that should be enacted in order to provide added security? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Combating Cyberterrorism with Cyber Security

By | March 5th, 2014|Uncategorized|

This guest blog post comes from Ginger Hill, associate content editor at and Security Products magazine.

As I sat in the classroom at GovSec West 2013 listening to Jeff Snyder, VP of cyber programs at Raytheon, talk about cyber threats and remediation, I quickly learned that we have no global laws to fight cyberterrorism. With the eroding economic viability of America, cyber threats are increasingly targeting critical infrastructures and major systems. The cyber criminal’s mentality is: why invent when you can simply steal?

According to Snyder, China is the number one threat when it comes to cyberterrorism as they have 1-2 million making up their human capital. With such a large number of people, China can carry out their cyber threats, making them into a “cyber reality.”

During his presentation, Snyder frequently brought up the term “cyber resiliency” as an essential part of any security strategy – on a personal, business or national level – to thwart cyberterrorism. Being able to take the hit from cyber terrorists without destroying your entire system and quickly recovering is the key strategy to fighting back. But how do we accomplish such a feat?

I’m going to take the viewpoint of a business and work in suggestions to develop your own personal cyber security plan.

The 3-Pronged Approach to Cyber Security

Dealing with cyber terrorists and cyberterrorism takes a thoroughly thought-out and developed plan, and the willingness to take immediate action, preferably before a terrorist event takes place. The following is a simplistic approach to cyber security:

  1. Do whatever it takes to protect the infrastructure.
  2. Invest to protect your products.
  3. Protect your clients, including their personal data.

Be sure that your infrastructure, whether that is your personal computer, social media and online accounts or the multibillion-dollar waterworks station, is protected. Start small. Make sure that all passwords are strong by incorporating capital and lower case letters, numbers and symbols in unlikely combinations. Invest in products that increase system security, like malware protection and virus detection, and use encryption to help protect your clients’ personal information.

Taking security to a higher level, consider hiring an ethical hacker to attempt to gain access to your system, and patch any vulnerability immediately. Also consider insider threat monitoring to identify behaviors and anomalies with your system and to help meet human capital demands. It takes a lot of people to adequately protect an organization, just as it takes a large number of people to complete a cyber attack. Therefore, think like a cyber terrorist to beat them at their own game. They use technologies to achieve their terrorist goals, so follow suit and use ethical technologies to battle against their unethical acts and spread security as far as possible within your organization.

Surviving Cyberterrorism

Fighting back against highly sophisticated, intelligent cyber terrorists seems to be a no-win situation, but with the proper technologies, experts and the willingness to respond, exploitation can be minimized.

The following steps teach you exactly what to do before, during and after a cyberterrorism attack.

  1. Anticipate cyber attacks: The question is not if cyber terrorists are going to attack, it’s when. Think about prevention strategies and what you can do now. Do not wait until you are attacked to do something about it because it will be too late.
  2. Respond immediately to enhance business continuity: When attacked, the goal is to keep the business functioning as a cohesive unit at all times. This is possible if you have established your security plan and have practiced what to do before an attack rears its ugly head.
  3. Monitor all systems in real time: Invest in technologies and experts to monitor your systems 24 hours a day, 7 days a week, 365 days a year.
  4. Evolve: Never stop learning ways to survive cyber attacks, and always use each cyber attack as an educational tool to enhance your overall security plan.

Cyberterrorism is a 24/7, 365 days-a-year giant that never sleeps; it doesn’t need to eat and it never stops preying. Developing a multifaceted, layered approach to fight against this giant will minimize exploitation of vulnerabilities, allowing people, organizations and the nation to sleep a little easier at night.

News Recap: Universities Become Cybersecurity Hubs

By | November 26th, 2013|Uncategorized|

A number of universities are investing in the future of combating cybersecurity threats. From increased education for the public, to brand new majors that inspire cyber innovators, the nation’s universities are quickly becoming hubs for cybersecurity.

Cal Poly, for instance, announced a new initiative in cybersecurity education. Dark Reading reported, “the major new educational initiative encompasses a comprehensive and collaborative program that spans the polytechnic university and partners with public and private organizations. The goals of the program include educating thousands of students in cybersecurity awareness and readiness; producing experts in cyber technologies and systems, including many professionals who will serve the military and defense industry; and graduating cyber innovators who are prepared for advanced study and applied research in emerging cyber issues.”

Stephanie Hayes of the Tampa Bay Times outlined hopes for Florida’s cybersecurity hub, which is planned to be located at the University of South Florida in Tampa. Hayes quotes project leaders saying, “The new center would bring it all together. USF would offer a master’s degree in cybersecurity, as well as certificates in subjects such as cyberbehavior, cyberbullying and cybercrime.” Hayes reiterates the point, quoting USF Provost, Ralph Wilcox: “Students and faculty from all over could train and do research there… IT professionals from around the country could come for certifications. Tampa is central to big businesses, plus MacDill Air Force Base. And USF is home to a high number of student veterans.”

What else could our universities be doing to promote, develop and teach cybersecurity? Do you think education will be a strong enough deterrent against cybersecurity threats? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

And if you’re interested in how other types of organizations are stepping up to the plate when it comes to cybersecurity, see last week’s news recap about organizations within the financial industry.
