A lack of standards spelling out to manufacturers their responsibilities for addressing the cybersecurity of their medical devices - especially legacy products - has left a big burden on the healthcare entities that use these devices, says Cletis Earle, CIO at Kaleida Health.
Behavioral analytics have taken the fast lane from emerging tech to mature practice. And Mark McGovern of CA Technologies says the technology is being deployed in innovative ways to help detect insider threats.
Consumers are more concerned than ever about their identities being compromised, yet they're failing to connect the dots between fear and preventive measures, according to recent research conducted by IDology. John Dancu, the company's CEO, explains the implications for businesses.
The U.S. Supreme Court has ruled that location data generated by mobile phones is protected by the Fourth Amendment, meaning police need "probable cause" before they can access it. The ACLU says the ruling "provides a groundbreaking update to privacy rights" in the digital age.
Australia's large online medical booking platform, HealthEngine, has become embroiled in a privacy controversy after it reportedly passed personal medical details to a personal injury law firm. HealthEngine maintains it obtained users' consent, but the revelation appears to have caught many by surprise.
When communications giant Publicis Groupe launched its GDPR compliance project, CISO Thom Langford says, "it was more a case of honing and polishing, rather than building from the ground up," thanks to its existing information security management system and complying with ISO 27001.
A federal court recently dismissed a case filed by a patient alleging a laboratory violated HIPAA by failing to shield her personal health information from public view. The ruling once again reaffirmed a longstanding precedent that individuals cannot sue for alleged HIPAA violations.
Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.
Driven by the EU's General Data Protection Regulation and other regulations, as well as the move to the cloud, more organizations are turning to data classification to help them silo and protect their most sensitive information, says Tony Pepper, CEO of Egress.
The EU's GDPR is already having an impact on how organizations approach data breach detection and remediation, leading many to rely more strongly on security orchestration and automation, says Allen Rogers of IBM Resilient.
Organizations are increasingly turning to devices and the cloud to foster better collaboration and access to essential data. But as they do so, "the number one blocker for enabling digital transformation is security," warns BlackBerry's Florian Bienvenu.
Organizations are increasingly tapping behavioral analytics to help incident responders "correlate data from multiple sources and save time in the response workflow" - in other words, to more quickly detect and mitigate breaches, says Nick Bilogorskiy at Juniper Networks.
Never underestimate the human factor in attacks. Indeed, many of today's top attacks - from malware to phishing - require some level of interaction from victims. "They're targeting people - they're targeting the users within our businesses," says Proofpoint's Adenike Cosgrove.