Archive for the ‘safeguard vital data’ Category

Preparing for GDPR – Navigating a Perfect storm in Healthcare

June 28th, 2017

This is the fifth in a series of blog posts designed to help enterprise security and business executives prepare for GDPR throughout 2017.

Recent ransomware incidents have put a spotlight firmly on the state of security within healthcare and there’s a perception that this industry is trailing others. Is that fair?

If we look at data loss prevention (DLP), which is particularly relevant with GDPR now less than a year away, then the 2016 Data Protection Benchmark Study from the Ponemon Institute, sponsored by McAfee, sheds some light. It puts healthcare “running about six months behind other industries” in terms of DLP deployment length and maturity.

And that’s important, not just because healthcare can be a matter of life and death, but because of the value of that particular data. Ponemon puts an average value of $355 on each patient record.

Meanwhile healthcare comes in second to only financial services in Verizon’s 2017 Data Breach Investigations Report, accounting for 15 per cent of all breaches.

So is this a perfect storm? On the one hand GDPR will mean significant penalties and a consistent framework to adhere to, while on the other hand the bad guys see an industry with valuable data that could be better protected.

Intel’s recent research, of 88 healthcare and life sciences organisations spanning nine countries, highlights a staggering range in readiness for attacks by ransomware, for example, judging by the number of relevant security capabilities these organisations have in place. It may seem strange to connect a discussion on GDPR and ransomware but it makes sense. What is ransomware if not a denial of service against data and how can you be sure that attackers can’t access the data they just encrypted? If you can’t stop the ransomware in the first place, there is a good chance you can’t stop the exfiltration in the next phase of the attack.

However, there are sensible steps the healthcare industry can take to become GDPR-ready. For these causes of data loss in healthcare, for example, Verizon’s report recommends specific actions:

  • Miscellaneous errors (which in 76 per cent of cases are embarrassingly pointed out by a customer): have, and enforce, a formal procedure for disposing of anything that might contain sensitive data, and establish a four-eyes policy for publishing information.
  • Physical theft and loss: encrypt data at rest wherever possible and establish handling procedures for printing out sensitive data.
  • Insider and privilege misuse: implement limiting, logging and monitoring of use, and watch out for large data transfers and use of USB devices.

(Source: Verizon 2017 Data Breach Investigations Report.)

We would more broadly add that you can’t protect what you can’t detect. Visibility is key. As the Ponemon research put it, DLP solutions should cover data at rest, in processing and in motion, on the corporate network, endpoints and clouds. They form the basis of a good data security programme. Adequate staffing is also important and while automation and machine learning will help, they cannot replace staff entirely.

Some final guidance: Organisations can protect their sensitive data and be more likely to be GDPR-ready by taking these five critical steps:

  • Conduct an Impact and Readiness assessment
  • Review current data security programme to ensure you can prevent accidental and malicious data theft attempts
  • Assess application and DevOps security controls and procedures
  • Review your use of cloud infrastructure and software-as-a-service to minimise exposure to data loss
  • Develop specific data breach detection and response capability in the SOC

The post Preparing for GDPR – Navigating a Perfect storm in Healthcare appeared first on McAfee Blogs.

Posted in GDPR, healthcare, Safeguard Data, safeguard vital data

Who Let the Data Out? Who, Who, Who, Who? (Part 3 of 3)

November 29th, 2016

It feels like the last song of the concert—this is the final blog in our cybersecurity benchmark series! As every good detective starts with information, we’ve been digging into the classic six “w” questions: who, what, when, where, why, and how. To find those answers for security professionals, data was combined from Ponemon Institute’s global survey of IT decision makers, the Verizon DBIR, and Grand Theft Data: 2015 Intel Security Data Exfiltration Study.

If you’re just tuning in, catch up on our previous blogs. Now we’ll turn our attention to assessing how cybersecurity teams are performing and where they can improve. It’s also the last of our security-related song titles, so get ready for the final countdown!

A Hard Day’s Cybersecurity Focus

We know that cybersecurity threats are on the rise, so where are companies focusing their efforts? The most likely exfiltration methods are clearly on their radar. Of all companies, 70% monitor for suspicious emails and 50% for inappropriate access to sensitive data. But these numbers should be higher given the prominence of these threats. From the other side, over 25% of companies don’t monitor access to employee or customer data, and only 37% monitor for both. The reality is that holistic monitoring still isn’t a reality for most.

Truthfully speaking, many organizations face difficulty with configuring security solutions. In fact, for 65% of teams that don’t understand how the technology works, personally identifiable information isn’t being watched! That’s certainly a concern given the rising demand for such data.

So where should organizations focus their efforts? Certain business events invite greater risk, and it’s important to identify these. New product launches and strategic planning contain more sensitive data. It’s no surprise incidents are related. But companies have tuned into that fact, and the rise of related incidents has been relatively minor. However, other events are now driving more and more data loss. Quarterly reports and other financial disclosures are prime targets. And the use of social media by employees is also a driver—unique in its ability to generate sources for cyber-crooks. Clearly, the industry needs a hard day’s focus.

Treat You Better, Monitoring Solutions

In assessing the adequacy of security defenses, false negatives are a key signal. We gain insight by considering, among organizations that use data loss prevention solutions, how many breaches still occur. This question tells us whether good tools and best practices are actually making a difference, or if organizations are naive and unaware of occurring incidents.

To answer that question, let’s first recall a fact from the first blog. Remember how an increasing percentage of breaches are being discovered by external sources? They have more detection methods, and can generate a composite view of victims’ data loss. And by external measures, among those who don’t know how monitoring technology works, 23% are unsure if they suffer data loss. Shockingly, the remaining 77% of this group believe they’re not suffering any data loss. Such a bold belief is dangerous. Numbers clearly show incidents are on the rise — there seems to be a lack of proper monitoring in many organizations.

Walk On the Secure Side

Before we get into our final suggestions, let’s review the state of the industry. To start, it’s noticeable that the gap between data loss and its discovery is widening—especially among internal teams. Additionally, while industries with payment information have been most targeted in the past, their loss prevention systems are maturing. Demand is now increasing for personally identifiable information, health data, and intellectual property. And among data types, unstructured formats are particularly difficult to monitor with regular expressions. This makes simple configurations risky. Physical media also shouldn’t be underestimated, accounting for the second highest number of incidents. What’s the takeaway? All things considered, visibility is becoming increasingly crucial.
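As an added illustration (not code from the post or from McAfee) of the false-negative problem raised under “Treat You Better” and the regex point above: a pattern written against a structured export misses the same identifier once it appears in free-text notes, while a tolerant pattern paired with a context keyword catches it. The patient-number format, the records and the keywords are all constructed assumptions for the demo.

```python
import re

# Constructed, labelled sample records (not from the post): (text, contains_identifier).
# The 3-3-4 digit "patient number" layout is an assumption made for this demo.
STRUCTURED = [
    ("id=1042;pid=943-476-5919;dob=1970-01-01", True),
    ("id=1043;pid=123-456-7890;dob=1980-02-02", True),
    ("id=1044;pid=;dob=1990-03-03", False),
]
UNSTRUCTURED = [
    ("Follow-up for patient, number 943 476 5919, results discussed by phone.", True),
    ("Referral letter attached for patient 1234567890, see previous consult.", True),
    ("Invoice 555-123-4567 paid.", False),
    ("Routine note, no identifiers mentioned.", False),
]

# Simple configuration: one strict regex copied from the structured export layout.
STRICT = re.compile(r"\b\d{3}-\d{3}-\d{4}\b")

# Hardened configuration: tolerate missing or spaced separators, and require a
# context keyword so that any 10-digit number alone does not trigger the rule.
TOLERANT = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{4}\b")
CONTEXT = re.compile(r"(?i)\b(pid|patient)\b")


def strict_policy(text):
    """Flag a record only when the exact export format is present."""
    return bool(STRICT.search(text))


def contextual_policy(text):
    """Flag a record when a tolerant number pattern and a context keyword co-occur."""
    return bool(TOLERANT.search(text) and CONTEXT.search(text))


def evaluate(records, policy):
    """Return (true_positives, false_negatives, false_positives) for a policy."""
    tp = fn = fp = 0
    for text, has_identifier in records:
        flagged = policy(text)
        if has_identifier and flagged:
            tp += 1
        elif has_identifier and not flagged:
            fn += 1          # sensitive data left the system unnoticed
        elif flagged:
            fp += 1          # noise that erodes analyst trust in the rule
    return tp, fn, fp


if __name__ == "__main__":
    for name, records in (("structured", STRUCTURED), ("unstructured", UNSTRUCTURED)):
        print(name, "strict:", evaluate(records, strict_policy),
              "contextual:", evaluate(records, contextual_policy))
```

The strict rule scores perfectly on the export and silently misses every identifier in the notes, which is exactly the blind spot a team that reports “no data loss” may be sitting on.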

But there’s good news. Organizations can employ a host of tactics to bolster their defenses. The process should start with business requirements: identifying which data is most sensitive. Once that’s been done, server and endpoint scanning technologies can monitor for relevant information. Teams can further use classification tools, security notifications, and value recognition to maintain awareness. And the movement of crucial data can be flagged when not part of a normal business process. With justification screens, users can also better understand what is acceptable and what is not. Finally, after assigning owners and separating duties, policies can block suspicious data transfers.

By using an intelligent plan for data loss prevention, organizations can truly be resilient in the face of increasing threats. Surely, that will have cybercriminals singing to a different tune.

That’s a wrap for this blog series! To stay informed, follow @IntelSecurity and @IntelSec_Biz for the latest. And as always, feel free to tweet any thoughts or questions with the hashtag #WhoLetTheDataOut.

The post Who Let the Data Out? Who, Who, Who, Who? (Part 3 of 3) appeared first on McAfee Blogs.

Posted in data exfiltration, data protection, risk management, Safeguard Data, safeguard vital data, Verizon Data Breach Investigations Report