As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud
"The COVID-19 pandemic has pushed healthcare organizations to make telehealth a top priority. As they do, they're forced to confront privacy concerns related to information access, usage, and alteration, as well as the security of public cloud services where health data is stored.
As the Cloud Security Alliance (CSA) explains in a new report on protection of health data, "telemedicine" and "telehealth" should not be used interchangeably. The former refers to the clinical diagnosis and monitoring by technology; the latter has a broader definition..."
There are significant shortfalls in enterprise domain security practices, putting organizations' internet-facing digital assets at risk to threats, including domain name and DNS hijacking, phishing, and other fraudulent activity, a CSC report reveals
"According to the report, 83% of Global 2000 organizations have not adopted basic domain security measures such as registry lock, which puts them at risk for domain name hijacking.
The report indicates a wide industry disparity in domain security maturity with information technology and media and entertainment industries more likely to embrace available security controls, while industries such as materials and real estate trail behind..."
Home routers, printers, security systems, DVRs, gaming consoles and other smart devices can significantly change the threat model for the corporate network
"Many employees at businesses worldwide have been forced to work from home because of COVID-19 related social distancing mandates. The security of employee home networks, and of the devices connected to them, are becoming increasingly important considerations for organizations that need to continue to support a large remote workforce for the foreseeable future..."
Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework
"Years ago, when users required access to a specific system, application or other corporate resource, they were provided a username and password tied to the access level they needed.
While this was a viable option when the number of IT services was small, it didn't take long before the number of accounts a user had to manage reached a dozen or more. To keep track of all these account usernames and passwords, many end users resorted to writing down their account information on sticky notes that they stuck to their monitors for all to see. Understandably, this type of password management is a big no-no by anyone's security standards. Thus, IT needed a way to better manage the growing number of user accounts. The answer was identity and access management (IAM)..."
The coronavirus pandemic has forced changes for much of the business world, cybersecurity included. What can we expect going forward?
"From the way restaurants operate to how sports are played, many people expect life to operate a whole lot differently in the pandemic's aftermath. The big question for us, though, is what will the new normal be for those in cybersecurity?
"I think it's worth pointing out that there's only two ways security changes: a fundamental change in the business environment - because security is there for business - or if the threat changes," says Bryson Bort, founder of SCYTHE and GRIMM, and co-founder of the ICS Village. "On the first point, clearly business will be different going forward. I think we finally crossed a Rubicon for remote workers, which changes the threat surface."
While digital transformation is understood to be critical, its rapid adoption, as seen with cloud providers, IoT and shadow IT, is creating significant cyber risk for most organizations
"Today, these vulnerabilities are only exacerbated by misalignment between IT security professionals and the C-suite.
The research by CyberGRX and Ponemon Institute surveyed 900 IT security professionals and C-level executives covering financial, healthcare, industrial, public sector and retail industries..."
CISOs are never going to have all the finances they want. Hard choices must be made. The CISO of Amazon Prime Video discusses his approaches to a slimmed-down budget
"It's unavoidable: New projects require budgets. To justify the expense, any budget spent on new technology needs to be designed to lower the risk profile. Or the problem might be an inefficiency in the program that can be better addressed with new technology. So, how can CISOs understand how best to optimize their limited pool of security budget? I sat down with Brett Wahlin, the CISO of Amazon Prime Video, to discuss the topic..."
See all Archived IT - Security articles
See all articles from this issue