31 Jan 17

The Register: Suffered a breach? Expect to lose cash, opportunities, and customers – report

More than a third of organisations that experienced a breach last year reported substantial customer, opportunity and revenue loss.

The finding is one of the key takeaways from the latest edition of Cisco’s annual cybersecurity report, which also suggests that defenders are struggling to improve defences against a growing range of threats.

The vast majority (90 per cent) of breached organisations are improving threat defence technologies and processes following attacks by separating IT and security functions (38 per cent), increasing security awareness training for employees (38 per cent), and implementing risk mitigation techniques (37 per cent). The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries. CSOs cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security policies.

More than half of organisations faced public scrutiny after a security breach. Operations and finance systems were the most affected, followed by brand reputation and customer retention. For organisations that experienced an attack, the effect can be substantial: 22 per cent of breached organisations lost customers and 29 per cent lost revenue, with 38 per cent of that group losing more than 20 per cent of revenue. A third (33 per cent) of breached organisations lost business opportunities.

More of The Register article from John Leyden


06 Oct 16

AFCOM – Dissecting the Data Center: What Can – and Can’t – Be Moved to the Cloud

Practical approaches on cloud migration from the AFCOM folks. Re-platforming is a great opportunity for the move, but there are others as well, including staff changes, entering new lines of business, and financial drivers.

According to the results of a recent survey of IT professionals, 43 percent of organizations estimate half or more of their IT infrastructure will be in the cloud in the next three to five years. The race to the cloud is picking up steam, but all too often companies begin implementing hybrid IT environments without first considering which workloads make the most sense for which environments.

The bottom line is your business’s decision to migrate workloads and/or applications to the cloud should not be arbitrary. So how do you decide what goes where?

The best time to consider migrating to the cloud is when it’s time to re-platform an application. You should not need to over-engineer any application or workload to fit the cloud. If it’s not broken, why move it? For the purposes of this piece, let’s assume your organization is in the process of re-platforming a number of applications and you are now deciding whether to take advantage of the cloud for these applications. There are a few primary considerations you should think through to determine if moving to the cloud or remaining on-premises is best.

Evaluating What Belongs on the Ground or in the Cloud

First, ask yourself: Is our application or workload self-contained or does it have multiple dependencies? Something like the company blog would be considered a self-contained workload that can easily be migrated to the cloud. At the other extreme, an in-house CRM, for example, requires connectivity to your ERP system and other co-dependent systems. Moving this workload to the cloud would introduce more risk in terms of latency and things that could go wrong.

More of the AFCOM article from Gerardo Dada


05 Oct 16

Data Center Knowledge – Hospital Pays $400,000 HIPAA Breach Penalty for Obsolete ‘Business Associate’ Agreement

HIPAA has teeth. Are your BAAs accurate and up to date?

A Rhode Island hospital agreed this month to pay $550,000 in settlements after failing to properly update business associate agreements as required under the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA), federal authorities said.

The U.S. Department of Health and Human Services Office of Civil Rights (OCR) opened an investigation into Women & Infants Hospital of Rhode Island (WIH) after receiving a report of a data breach in November 2012.

WIH told federal authorities it had lost unencrypted backup tapes containing ultrasounds of 14,004 women, including patient names, dates of birth, dates of exams, physician names and, in some cases, Social Security numbers.

More of the Data Center Knowledge post from Aldrin Brown