Information Security

Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical). CTG works with clients to ensure their information is secure and that practices are in place to cover both the physical and the network aspects of that security.

Learn more about Physical Information Security.

Learn more about Network and Infrastructure Security.

Medical and Healthcare 

HIPAA is the acronym for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. HIPAA does the following:

  • Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs; 
  • Reduces health care fraud and abuse; 
  • Mandates industry-wide standards for health care information on electronic billing and other processes; and 
  • Requires the protection and confidential handling of protected health information 

Statistics:

Employee negligence was the root cause for 81 percent of cybersecurity incidents. CSO Online

The healthcare industry was the victim of 88 percent of all ransomware attacks in U.S. industries in 2016.

The healthcare industry invests less than 6 percent of its budget in cybersecurity. Security Scorecard

In the past two years, 89 percent of healthcare organizations were breached.  Ponemon Institute 

 

Manufacturing 

Supervisory Control and Data Acquisition (SCADA) is a subset of Industrial Control Systems (ICS). SCADA generally refers to control systems that span a large geographic area, such as a gas pipeline, power transmission system or water distribution system.

Statistics:

According to a Kaspersky Lab report, industrial control systems (ICS) computers in manufacturing account for nearly one third of all attacks against those environments. Kaspersky Labs

ICS systems were attacked by some 18,000 different modifications of malware belonging to 2,500 malware families, the report said. Kaspersky Labs

The WannaCry and ExPetr campaigns were the biggest ransomware attacks against ICS systems, but they were indicative of future attacks affecting manufacturing, the report said. Kaspersky Labs

 

Legal

Mistakes: 

  • Mistake #1 – Smaller law firms, almost without exception, believe that they won’t become a target of cyber thieves.
  • Mistake #2 – Many law firms believe that the standard methods of preventing a cybersecurity attack will be sufficient. In some cases, the firm doesn’t want to spend the money to increase its security.
  • Mistake #3 – Many companies, including law firms, forget about third-party vendors. All the companies you do business with are a potential gateway through which cyber thieves can enter.

The solution, as we’ve seen in many industries, is to outsource cybersecurity to trusted firms that can offer heavy-hitting, managed solutions at an affordable rate. SaaS (Software as a Service) is long overdue in this space, and thankfully it’s becoming more and more available. 

Statistics:

40% of surveyed law firms had experienced a data breach in 2016 and did not know about it.  Law Firm Cybersecurity Scorecard 

Financial 

Statistics: 

The financial industry is attacked 65 percent more often than any other, resulting in more than 200 million records being breached in 2016, a 937 percent increase year over year. IBM X-Force Research Team

A UK institution was hit with what is believed to be the Retefe banking trojan, leading to 9,000 customers having their accounts emptied; in Ukraine and Bangladesh, two banks lost $10 million and $81 million, respectively; in Qatar, a 1.4GB data breach took place; and DDoS attacks were used against finance companies in Canada, Russia and Greece. IBM X-Force Research Team

Overall for 2016 there were 1,684 attacks on financial services firms, an attack being defined by IBM as a security event identified as “malicious activity that is attempting to collect, disrupt, deny, degrade or destroy information system resources of the information itself.” This is up from the 1,019 attacks that took place in 2015. IBM X-Force Research Team

 

Staffing 

Data breaches are the worst-case scenario for any agency, especially as the price to recover each record is approximately $160.

From confidential company information to client social security numbers, there is a lot of sensitive data that your staffing agency stores. A disgruntled employee could easily exploit this information and even sell it to hackers, putting your agency on the hook for damages. 

In addition to the overt risks your staffing agency faces, there is also the aftermath of such breaches. Apart from paying fines, you’ll likely need a team of crisis management professionals to help your reputation recover.  

Statistics:

More than three-quarters of users who said they understood the risks of clicking on links in emails clicked on them anyway, according to a research summary by security vendor Barkly.  Barkly
