BreachExchange mailing list archives

The Root of the Problem: How to Prevent Security Breaches


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 16 Feb 2015 20:05:43 -0700

http://www.wired.com/2015/02/the-root-of-the-security-problem/

Anthem, the second largest health insurance company in the U.S., announced
a massive data breach on Feb. 5. An estimated 80 million customers and
employees of multiple health plans were affected, the Wall Street Journal
reported.

It’s déjà vu.

In addition to big-name breaches over the past year, including Target, Home
Depot, and JP Morgan, almost half of U.S. companies have experienced a
security breach of some sort in the past year, according to a report
published by the Ponemon Institute in September 2014. What’s more, a report
from the Identity Theft Resource Center found a record number of security
attacks in the U.S. in 2014.

The report also found that health and medical companies are becoming bigger
targets, accounting for 42.5 percent of reported breaches last year. And in
healthcare attacks, the stakes are higher.

In the Anthem breach, hackers accessed names, birthdays, addresses, social
security numbers, email addresses, and employment information, the company
disclosed in a statement. It’s a recipe for identity theft disaster.

Although there is currently no evidence that any medical or financial
information was exposed, and the company quickly notified the public after
discovering the attack, the breach highlights a serious problem in the IT
industry.

What’s Causing the Data Security Problem?

IT security specialists and engineers with sophisticated skills are needed
to prevent and defend against sophisticated cyberattacks. But tech talent
with these skills is hard to find.

In 2013, 2,500 job postings for information security analysts were open in
New York City alone, according to a report from JPMorgan Chase & Co.

In healthcare specifically, the problem is complicated by a few factors:

Competition. In healthcare IT, the competition for top security specialists
is fierce. As electronic medical records are adopted by more and more
health systems, hospitals, and companies, more security talent is needed to
protect sensitive patient information.

Budget issues. As a result of the growing need for talent and the short
supply of qualified professionals, salaries for security engineers are
skyrocketing, and many healthcare organizations can’t afford to hire
experts.

Outdated technology. Healthcare organizations are more susceptible to these
attacks as they are usually years behind other industries in their adoption
of new technology and software.

What Can Be Done to Avoid These Breaches?

To fix the data breach problem, companies can take a few steps to better
hire for and invest in their IT department:

Invest in education. Part of the problem stems from a disconnect in how IT
firms hire talent. Many employers value experience over education, and
young, promising professionals are ignored for positions that require
advanced skills.

Building stronger partnerships between employers and colleges and
universities can help to better train the next generation of security
experts. These relationships can foster expanded internship programs and
training opportunities to groom young professionals and connect them with
the employers who need them.

Investing in additional training, professional development, and workshops
for existing staff can also help to boost security. To stay ahead of
hackers, specialists need to be up-to-date on the latest technology and
software.

Think globally. Hiring tech talent outside of the U.S. can also help to
solve the security talent crisis. Thinking globally widens the talent pool
and could lower the price of top talent. The recruiting process will take
more time and effort, and securing a visa might be difficult, but the end
result could be worth it.

Hackers will always be out there, adapting to the newest, most complex
technology and software. To prevent data breaches, we need to start at the
root of the problem. Invest in security and your IT team and emphasize the
importance of education. We’re going to need as many talented professionals
as we can get.

What do you think? How can the industry fix the data breach problem?
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/