Health — News

How to get fired in 2017: Have a security breach

There are many reasons why IT professionals can be fired, but six out of the top nine are related to security. Fireable offenses included failing to modernize a security program, data breaches with unknown causes, data breaches that do not become public, and the failure of a security product or program investment.

Maria Korolov | 19 Jan | Read more

The week in security: Australian Red Cross bleeds private data; DDoS-IoT link prompts high-level concern

A local pitchfest brought together Australian security innovators and some very interesting ideas that reflect the future of Australian infosec. Speakers highlighted the need for curiosity and diversity. Along similar lines, one of Australia’s newest certified cybersecurity experts warned that the security community needs to undergo significant cultural change.

David Braue | 31 Oct | Read more

Why hackers love health apps

Hackers love health apps because their popularity has outpaced the industry's ability to safeguard them. Technology experts discussed the privacy and security risks at a House hearing July 14 with the Energy and Commerce subcommittee.

Xuanyan Ouyang | 27 Jul | Read more

2016: The year we strike back

In an IT-security industry that is rife with 'year of' predictions – the year of spam, the year of the advanced persistent threat (APT), the year of ransomware – there may be some comfort in the observation that, so far, 2016 is turning out to be the year of fighting back.

David Braue | 02 Jun | Read more

The week in security: 8 in 10 health apps insecure; ISIS sidesteps backdoor debate

The new year is always a good time for new beginnings – and this includes reviewing your security policies to ensure they're up to date with your changing business. CSO offers a range of policy templates and tools to give you best-practice guidance to get you started, while newly-minted security interest Forcepoint was working to equip CSOs with a better metric to track organisational security posture when dealing with the board.

David Braue | 18 Jan | Read more

Healthcare data and data breaches: A second opinion:

We've barely begun 2015, yet some security predictions made at the end of last year are already being tested. One of those was a prediction by RSA that criminals will turn their attention to stealing personal health information, and the recent attack on US health insurer Anthem, is just one symptom that it might be happening sooner than our initial diagnosis.

Michael Lee | 12 Feb | Read more

The 2015 Social Engineering Survival Guide

Despite being an integral aspect of many, if not most, major attacks, social engineering tactics always seem to go underappreciated by enterprise security teams. However, it's often easier to trick someone into opening an email and exploiting a vulnerability that way, or convincing an unsuspecting assistant to provide a few useful bits of information, than it is to directly attack a web application or network connection.

George V. Hulme | 23 Jan | Read more

Three elements that every advanced security operations center needs

Security operations centers (SOC) have been around for a while, stretching back to the old room full of live camera feeds. The intent of a SOC is simple: provide the business with the ability to see what is going on in order to take action if necessary. The level of SOC sophistication varied depending on the risks and infrastructure complexity. Consider the humble stretch of road and an analogy for businesses in the very early days of the internet: In low risk, low traffic areas, it was often not necessary to have a constant additional surveillance of this road. Road rules -- basic perimeter-based network security measures like firewalls -- still applied, but it was considered sufficient for any out-of-the-ordinary incidents to be handled reactively.

Michael Lee | 20 Jan | Read more