When it comes to security most of the time we always think
about keeping an unauthorized user out of the system. We never really think about the internal
threats to networks. These threats
consist of employees writing their passwords on their desk calendar or putting
it on a sticky not and placing it under their keyboard. They also consist of an employee or employees
banding together to steal money, customer data, products, etc. We also never think about employees bring in
infected media and running it on company computers or the IT department cutting
corners in security. All these things
can be damaging to a companies’ system. I
found this article titled “Security is not just external- Don’t Forget the “Other”
Security”. This article talks about a
few security incidents that took place internally and not externally. Most of the incidents noted in this article can
be contributed to lack of awareness, bad judgment, and stupidity. I must say that I agree with his article. Most external hackers are usually after
money. What’s the different between them
stealing data to commit fraud or to sell on the black market for money and an
employee or employees banding together to steal thousands to millions of
dollars from business. Employees steal from companies by taking products,
customer records and company secrets to sell on the streets. They also take from companies when they
introduce infected e-mails or files to the organizations network. Depending upon how bad the situation is, the
company can lose money in downtime while the situation is being contained and
cleaned-up. I considered this to be bad
judgment especially if your company has information awareness training and you
choose to ignore it. The article can be
found at: http://www.securityweek.com/security-not-just-external-dont-forget-other-security
Monday, September 24, 2012
Monday, September 17, 2012
Miami Hospital Suffers Second Breach within a Year
The University of Miami Hospital suffered another patient
breach this year where two of its employees are suspected of stealing patient
data from the hospital. The information stolen
during the breach includes names, last four of socials, date of birth,
addresses, insurance policy numbers, and medical history of each patient. At this point they don’t know how many
patients were affected by the breach. The hospital is also offering two free
years of credit monitoring for all those who may have been affected. This
Miami hospital may want to consider employee screening before hiring and revamp
their security policy. Most of the times
when we think about breaches you assume that someone from the outside has hacked
into a system and caused harm. We never
think about a breach taken place from inside the company by employees who are
authorized to view and handle your information.
It’s kind of scary when you think of all the places that have your information
and all the different people that have access to it. This article can be found at: http://www.scmagazine.com/miami-hospital-hit-by-second-patient-breach-this-year/article/258895/
Sunday, September 9, 2012
Gamecock Data Breach
University of South Carolina suffered a breach on June 6th that may have compromised about 34,000 students and staff personal information to include their socials. The school is unsure when the breach took and place however they suspect that the breach originated overseas. The article can be found at
http://threatpost.com/en_us/blogs/gamecock-data-breach-affects-34000-082212
http://threatpost.com/en_us/blogs/gamecock-data-breach-affects-34000-082212
Subscribe to:
Posts (Atom)