The reality is that hospitals are a logical hacker target for several reasons. They are susceptible to phishing attacks and insider threats because of the large data flows throughout various systems. There are many points of vulnerability for malware/ransomware extortion because their systems are networked with multiple stations and devices. In addition, most workers in medical facilities are not trained in basic cybersecurity hygiene.
Healthcare cybersecurity is in a state of transformation. As medical care becomes more networked and interconnected via computers and devices, the digital landscape of health administrators, hospitals, and patients has become increasingly vulnerable.
The cybersecurity healthcare landscape has many facets. These include the information security networks of medical facilities and hospitals, medical equipment and devices, and protection of the privacy of patients. Technologies, processes and people are the cornerstones of the healthcare cybersecurity transformation. Continue reading “Safeguarding Patients and Data In The Evolving Healthcare Cybersecurity Landscape”
In government, there is an extensive infrastructure of agencies geared toward facilitating technology foraging. For specifically enhancing cybersecurity capabilities, there are dedicated research and development efforts being conducted at (among other agencies) the Department of Homeland Security (DHS), the Department of Defense (DOD), the Department of Energy/National Labs (DOE), and in the Intelligence Community (IC).
Technology foraging, or searching for smart ideas and technologies, is a key element of research and development both in the public and private sectors. It serves as a basis for discoveries of new products, applications, and processes brought to the marketplace. There are many hidden treasures yet to be discovered, commercialized, licensed and integrated into technology solutions. Foraging can impact all innovations across the emerging technology spectrum, including in cybersecurity areas. Continue reading “Technology Foraging for Cybersecurity Solutions”
The challenge at hand, to ameliorate the shortage of cybersecurity professionals and close the gender gap, is to educate, train, and facilitate women to fill the pipeline for a qualified information security workforce.
There are huge, growing demands for a modern cybersecurity workforce in both the private and public sectors; there is also a significant shortage of skilled professionals. There is an especially wide gender gap in cybersecurity and in many technology jobs as well. But this is a gap that can, and should, be closed. Continue reading “The Gender Gap in Cybersecurity Can, and Should Be, Closed”
Despite apparently being way ahead of their contemporaries in the E.U. countries surveyed, US and UK directors and executives clearly have work to do. One cybersecurity executive aptly noted: “Cyber security is ‘no longer a dark art but an everyday business practice that must pervade every level of the organization.’”
On April 1, 2016, NASDAQ, along with Tanium (a leading-edge cybersecurity consultant), released a detailed survey of nonexecutive (independent) directors and C-suite executives in multiple countries (e.g., the US, UK, Japan, Germany, Denmark, and the Nordic countries) concerning cybersecurity accountability. NASDAQ and Tanium wished to obtain answers to three basic questions: (1) how these executives assessed their company’s vulnerabilities to cybersecurity threat vectors; (2) how they evaluated their company’s readiness to address these vulnerabilities; and (3) who within the company was held “accountable” for addressing these cybersecurity vulnerabilities. Continue reading “Grading Global Boards of Directors on Cybersecurity”
“Our nation is being challenged as never before to defend its interests and values in cyberspace. Adversaries increasingly seek to magnify their impact and extend their reach through cyber exploitation, disruption and destruction.”
—Admiral Mike Rogers, Head of US Cyber Command September 9, 2015
A very recent article in the UK publication The Guardian, entitled “Stuxnet-style code signing of malware becomes darknet cottage industry,” raises the specter of bad actors purchasing digital code signatures, enabling their malicious code to be viewed as “trusted” by most operating systems and computers. Two recent high-profile hacks utilized false or stolen signatures: Stuxnet, the code used to sabotage the Iranian nuclear program, allegedly jointly developed by America and Israel, and the Sony hack, which was allegedly perpetrated by the government of North Korea. Both of these instances involve sovereign states, with effectively unlimited resources. Continue reading “Navigating the Cybersecurity Storm in 2016”