The Maturity Paradigm

In healthcare we have an insatiable appetite to adopt new technology

Just How Secure is Healthcare?

HIMSS Interview with Richard Staynings. During HIMSS 2016 in Las Vegas I was interviewed by the press for my thoughts on the cybersecurity risks now facing the healthcare industry, and how effective healthcare boards were in managing down these growing risks to their business. While some of the content was broadcast, the following is an edited transcript of the full interview: Interviewer: Welcome. I'm here with Richard...

Take a Strategic Approach to Security Segmentation

You’ve read the stats: by the end of the decade, the Internet of Everything will result in 50 billion networked connections of people, process, data and things. You don’t need to look far to see it come to life in your own organization. With increased digitization comes an exploding number of devices and applications gaining access to your network, creating more data to secure and new attack vectors for malicious actors to exploit. At the same...

Cisco 2016 ASR

It's 'all quiet on the western front' was the sit-rep I received from our SOC recently. In case it might have escaped your attention, there's been a stunning lack of a major cyber breach thus far this year. This may have lulled some into a false sense of security, into believing that the forces of good were finally winning the battle against the Dark Side; however, Cisco’s 2016 Annual Security Report (ASR) sheds a mixed light on the fight...

Security and the Board

Not long ago I was asked to attend a quarterly Board meeting of one of my healthcare clients and to present the recommendations of a Strategic Security Roadmap (SSR) exercise that my team and I had conducted for the organization. The meeting commenced sharply at 6am one weekday morning and I was allocated the last ten minutes of the meeting to explain our recommendations and proposed structure for a revised Cybersecurity Management Program (CMP). The...

Health Insurers Under Attack

February set a new monthly record for the largest US healthcare breach to date in which the personal records of 80 million individuals were compromised. It also marked an apparent change in focus from attacks on delivery organizations to healthcare payers. A few weeks later, two additional health insurers reported that they too had been hacked, resulting in the possible compromise of a further 11.25 million personal records. In a period of less...

Security World

I had the honor of presenting the Keynote at "Security World" yesterday in Hanoi, Vietnam to a packed house of government Ministers, Generals and other military staff from Vietnamese and other ASEAN nations, corporate chieftains, and security and privacy professionals drawn from all over Asia, Australasia, the USA and Europe. In fact I had the honor of presenting twice - the morning keynote on how the Internet of Everything will change security...

Behind the Great (Fire) Wall

The Great Chinese Firewall. June 20, 2014. For anyone who hasn’t been to China yet, the realization when you get there that the ‘Internet’ isn’t the ‘Internet’ can be slightly alarming. China blocks many of the most popular web sites and services that the Free World uses on a daily basis. Forget updating your Facebook page, YouTube, or your personal blog to 'show and tell' your friends and family about your wonderful trip to the Great Wall, Forbidden...

Not Opting-Out doesn’t mean that I am Opting-In!

Does the fact that I didn't explicitly ‘opt-out’ of your email list mean that I agree implicitly to you sending me unsolicited spam email, or any partners you may decide to sell my contact information to? Does the fact that I missed or failed to uncheck the tiny radio button in your 17-page agreement mean that I agree to providing you access to datamine my contacts, my bookmarks, or my internet history? Most users would say, “No!” However,...