Recently, LinkedIn pointed out that their data breach from 2012 was much larger than first thought. In 2012, it was reported that a hacker compromised 6.5 million passwords. However, this week the total of weakly encrypted passwords was revised to more than 117 million, after it was confirmed that the information was being sold on a dark web marketplace.
Earlier this month, Jivika Govil wrote a blog post that covered the expanding reach of the financial services regulators and the growing challenges with vendor risk management. Looking beyond the financial sector, the tidal wave of cloud services, the continued proliferation of ‘shadow IT’, and the general ease with which non-IT business leaders can solve their own business problems with lightweight, mobile, or cloud applications are putting more and more of the risk burden on vendor management.
The rising movement of audit and regulatory screening of financial institutions – which was triggered by the global financial crisis in the past – has now reached beyond insurance companies, commercial banks and investment trusts. The tide of major bank agencies (Office of the Comptroller of the Currency, Consumer Financial Protection Bureau, Federal Deposit Insurance Corp. and Federal Reserve) has required banks to increase the oversight of vendors that are deemed crucial to their operations.
We started this series of blog posts talking about protecting your digital assets by building security into the very fabric of your enterprise. Let’s expand on implementing a data-centric security program, and specifically on encryption. Encryption in one form or another has existed for thousands of years for one reason – it works. However, scytales and transposition cyphers are no longer sufficient when data is fluid and flows freely not only across your network but also across mobile devices and the cloud. This is complicated by the fact that intruders have likely already breached your defenses.
The coverage and ensuing public fascination with the outage at Hollywood Presbyterian did as much to showcase the capabilities of well-written malicious software as it did to highlight the vulnerabilities of healthcare technology. By the end of the week, maybe your CEO had heard enough to wonder if the methods used to attack the Hollywood organization could be used to wreak havoc at yours.