Fall World 2016

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 29, Issue 3

Full Contents Now Available!

Jon Seals

More Than 27 Million Android Devices With Medical Apps Likely to Have High-Risk Malware Installed

PALO ALTO, Calif. – Skycure, the leader in mobile threat defense, today announced the results of its second Mobile Threat Intelligence report, based on worldwide mobile data from Skycure and third-party sources. The healthcare-focused report found that the percentage of doctors who use mobile devices to assist their day-to-day practice are exposed to network threats that significantly increase over time. In a single month, one in five (22 percent) of mobile devices will be at risk of a network attack. This figure nearly doubles (to 39 percent) after four months. In addition to network threats, mobile devices continue to be plagued by malware. More than four percent of all Android devices were found to be infected with malicious apps. Medical app users need to be particularly wary, as the report found 27.79 million devices with medical apps installed might also be infected with a high-risk malware. The Skycure mobile threat defense platform conducted 51 million network tests in 2015, and detected the installation of nearly 13,000 malicious apps.

"The mobile phone is the best surveillance device in history," said Jim Routh, CSO, Aetna. "Each device is a potential attack target for personal data, company data, and, in the healthcare industry, the private medical and health information of patients and customers. It's imperative that both mobile users and their employers understand the risk and how to stay safe."

Mobile Healthcare at Risk
According to the US Department of Health and Human Services, more than 260 major healthcare breaches occurred in 2015. Of those breaches, nine percent involved a mobile device other than a laptop. Other research reports that 80 percent of doctors use their mobile devices to assist in their day-to-day practice and 28 percent store patient data on their mobile device, making their devices prime targets for cyber criminals. In looking specifically at the healthcare industry, the Skycure report found:

  • Eleven percent of mobile devices running an outdated operating system with high-severity vulnerabilities might have stored patient data on them.
  • Fourteen percent of mobile devices containing patient data likely have no passcode to protect them.
  • 27.79 million devices with medical apps installed might also be infected with high-risk malware.

"Mobile is a huge attack target for cyber criminals who are after sensitive personal data like patient records," said Adi Sharabani, CEO of Skycure. "Unlike desktop and network security, mobile security is often the weakest link in the security chain. Healthcare is one place where it is clear that one compromised device puts more than just the device owner's data and identity at risk."

More than two in every hundred mobile devices in every industry are high risk according to the Skycure Mobile Threat Risk Score -- meaning they've already been compromised or are currently under attack. Nearly forty-four percent are medium to high risk. The Skycure risk score takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.

Passcodes and OS Upgrades Increase
The report did uncover some bright spots across the mobile landscape. Some users are taking steps to secure their mobile devices. For example, the percentage of devices with passcodes enabled rose slightly to 52 percent in the last quarter of 2015 from 48 percent in Q3 2015. This may be due to new devices activated over the December holidays featuring biometric passcodes. Unfortunately, it still leaves nearly half of devices completely unprotected.

The report also found that users of iPhones and iPads are more protected because they are much more likely to have the most current version of their device's operating system.

  • At the end of 2015, 88 percent of iOS users had upgraded iOS 9, the most recent major version of the Apple mobile operating system.
  • By contrast, only three percent of Android users were using Android 6.0 or "Marshmallow" at the end of the year.
  • That leaves 97 percent of Android devices vulnerable to exploits targeting older versions.

Android upgrade adoption is complicated by carrier and device manufacturer release times. Despite its release in October, many Android users still don't have access to a Marshmallow upgrade. In addition, enterprises often have conflicting policies or no policy at all on device upgrades. This can leave many devices vulnerable to threats, such as the Shared Cookie Store Bug, a vulnerability discovered by Skycure researchers several years ago, yet only addressed in the most recent version of iOS. Skycure also recently reported the discovery of Accessibility Clickjacking, a new type of Android malware that tricks users into giving away admin access to their devices and affects 65 percent of Android devices - a staggering number of half a billion mobile devices.

To learn more about how healthcare CISOs can secure mobile devices that access sensitive information, view the on-demand webinar featuring Jim Routh, CSO of Aetna at http://get.skycure.com/mobile-security-in-healthcare-webinar.

For details and to learn more about how Skycure Mobile Threat Defense protects organizations and prevents cyber attacks without compromising the mobile user experience or privacy, visit www.skycure.com.

About the Mobile Threat Intelligence Report
The Skycure Mobile Threat Intelligence Report reviews worldwide threat Intelligence data. Today's report is based on millions of monthly security tests from October through December 2015 and includes both consumer devices and devices under management in enterprise organizations. Data includes Skycure's proprietary Mobile Threat Risk Score, which acts as a credit score to measure the risk of threat exposure for mobile devices. For organizations, Skycure condenses millions of data points to calculate a risk score so that IT can quickly discern the state of the overall system and the risk to each device.

About Skycure
Skycure is a mobile threat defense company that detects and prevents cyber attacks without compromising the user's privacy or mobile experience. Skycure's predictive technology leverages massive crowd knowledge to proactively identify threats and secure mobile devices. Skycure's founders, Adi Sharabani and Yair Amit, have identified some of the most-discussed mobile device vulnerabilities of the past few years. The company has offices in Silicon Valley, Tel Aviv, and Ottawa, and is backed by Pitango Venture Capital, Shasta Ventures, New York Life, Mike Weider, Peter McKay, and other strategic investors.

 

Today’s business is tightly coupled with data center capabilities. We’re seeing more users, more virtual workloads, and many more use cases for greater levels of compute density. There’s no slowdown in data growth in sight, and data center requirements will only continue to grow. Organizations have been working hard to improve data center economics with better underlying data center ecosystem technologies.

In comes hyperconverged infrastructure (HCI) — a next-generation technology which tightly couples the virtual controller layer with its own operating mesh. Here’s something to remember: there are a number of similarities between HCI and converged infrastructure. However, the biggest difference comes in how these environments are managed. In HCI, the management layer – storage, for example – is controlled at the virtual layer. Specifically, HCI incorporates a virtual appliance which runs within the cluster. This virtual controller runs on each node within the cluster to ensure better failover capabilities, resiliency, and uptime. In these types of models, you begin to see how technologies around software-defined storage (SDS) impact converged infrastructure systems.

...

http://www.datacenterknowledge.com/archives/2016/04/05/what-ciscos-new-hyperconverged-infrastructure-is-and-isnt-good-at/

Tuesday, 05 April 2016 00:00

Birds of a Feather Flock Together

Many companies are defined by their industries. Macro trends, terminology, regulatory and compliance requirements, and competitive dynamics—among other factors—are fundamental to how industries operate.

Not only can technology differentiate companies, but also it can have a profound impact in shaping vertical markets.

Technology is fulfilling its promise: the combined influence of cloud, mobile, data and security is forcing companies to rethink established ways of doing things and seek new ways to catapult their respective businesses forward. Industry–leading companies in healthcare, financial services, education, retail, and others already are far down the path of digital transformation.

...

https://www.citrix.com/blogs/2016/04/05/birds-of-a-feather-flock-together/

FEI Daily spoke with Dan Zitting, Chief Product Officer at ACL, about the changing compliance environment and a resulting desire among many companies to foster audit, compliance and risk management collaboration.

FEI Daily: Are the demands on audit, compliance and risk management evolving?

Dan Zitting: We certainly think so, and there are differing pressures in various industries. If you look at the SEC enforcement actions over the last year, you can see pressures on several issues, in particular on bribery and money laundering. It seems regulators have pushed a lot of companies to the point where some of these issues have become much hotter than they were in the past, so the question getting asked becomes, “What are compliance and audit, or risk management and audit, doing to coordinate on some of these problems?”

And we find — especially if the company is big and complex — it’s surprising how often the perception of the risk agenda is different between those groups. That disconnect is creating pressure to bring them together.

...

http://corporatecomplianceinsights.com/promoting-collaboration-to-improve-risk-management/

At least 14 U.S. hospitals have become victims of cyberattacks during the past six weeks, with some paying thousands of dollars in ransoms to regain access to locked data files and crippled networks.

The MedStar Health chain has been particularly hard hit in the latest wave of ransomware breaches, and operations have still not returned to normal after an attack last week targeted networks linked to several of the company’s Maryland- and Washington, D.C.-area hospitals.

...

http://mspmentor.net/msp-mentor/wave-cyberattacks-hospitals-offers-it-security-lessons-msps

Ana-Marie Jones is the former executive director of CARD, Collaborating Agencies Responding to Disasters, a nonprofit that was located in Alameda County, California. Since 1989, CARD offered an alternative approach to emergency preparedness, disaster response, and planning activities. In her tenure, she rewrote and redefined CARD’s services and curriculum to make all aspects of readiness easy, empowering, and sustainable for nonprofits, faith agencies and diverse community stakeholders. 

Unfortunately the CARD mission and efforts were discontinued due to a lack of sustained funding.  For those who are interested, you can still view the the CARD website archive.

Before joining CARD in April 2000, Jones worked for the California Governor's Office of Emergency Services, managing projects supporting nonprofits and access and functional/special needs issues. She was the acting executive director of Northern California Disaster Preparedness Network, a five-year funding initiative designed to address emergency preparedness and disaster response for agencies serving multi-ethnic, at-risk, and other diverse communities. For nearly 10 years she worked in advertising and marketing research at the American Association of Advertising Agencies in New York City.  

...

http://www.emergencymgmt.com/disaster/A-look-Back-at-the-Nonprofit-Collaborating-Agencies-Responding-to-Disasters.html

(TNS) - A new statewide identification system should provide a more efficient way to track who responds to emergencies and ensure that everyone leaves safely.

Brown County, S.D., Emergency Management Director Scott Meints said there has always been a method to track responders. He recalls many incidents where he's written down the names of helpers in all types of weather conditions.

Now, new identification tags used locally and statewide should aid in tracking by simply scanning ID badges and using key ring tags to organize where responders should go. For now, they're being used to track who attends training sessions.

...

http://www.emergencymgmt.com/disaster/New-identifications-help-track-emergency-responders.html

As city councilors here discussed the local water system recently, Summer Smith, a homeowner, rose to ask a question: “Can you explain in plain English what ‘emergent water conditions’ means? It sounds kind of alarming.”

David Trovato, the council president, acknowledged that any hint of a water quality emergency “would scare the hell out of me, too.” But there is no emergency in Woodbury.

New Jersey has designated Woodbury’s water system as “emergent” because it can’t meet the need for water at peak demand times. So this town of 10,000 across the Delaware River from Philadelphia is considering selling its water system to a private company.

...

http://www.emergencymgmt.com/disaster/Woodbury-Water-Infrastructure.html

In the wake of the tragic events in Brussels on the 22 of March 2016, I had a number of conversations with business continuity, resiliency and security managers regarding the actions they took immediately following the ISIS attacks. I found the responses interesting and varied and a number of key learning threads emerged. Many faced challenges and difficult questions when trying to respond, these included:

  • Easily identifying who has the authority to send a message.
  • Knowing how to increase the chance of getting a response back from your message.
  • If you choose not to send a message, knowing whether to inform your other regional offices. that you have not sent a message.
  • Understanding whether employees expect a message even if you know everyone is safe.

...

http://www.everbridge.com/to-communicate-or-not-that-is-the-question-everbridge/

LANSING, Mich. – IDV Solutions, LLC, has launched the latest release of its command center software platform, Visual Command Center® 5.0, which empowers organizations to elevate the value of their command centers.

The new release of the market-leading risk intelligence and response platform includes capabilities that help improve command center efficiency, collaborate more effectively, and ensure security and risk professionals are able to respond to risk events in a timely manner, consistent with organizational protocols.

“IDV Solutions is helping transform the command center into a strategic asset for organizations, and Visual Command Center 5.0 is a leap forward in that effort,” said George F. Siegle, Director of Product Management, IDV Solutions. “The new capabilities in Visual Command Center 5.0 improve the visibility of information within busy command centers and do more to support analysts and operators as they handle risk events 24/7.”

Some of the new capabilities in Visual Command Center 5.0 include:

·         Customizable on-screen checklists that help operators comply with standard operating procedures when responding to a threat;

·         A new Breaking Alerts panel that enables command center staffs to better manage and prioritize workflow; and

·         The Command Center Status Board, to communicate current command center activities on a large-screen wall monitor.

Visual Command Center 5.0 lays the foundation for a new information architecture designed to support multiple stakeholders inside and outside the command center including making more effective use of the command center video wall. 

The command center software platform provides a common operating picture of a company’s assets, personnel, and operations in relation to potential threats to those assets. It integrates information on global sources of risk, like weather, terrorism, and natural disasters, with information from an organization's internal operations and systems for more effective risk analysis and response to those threats.

Some of the world’s largest private and public organizations use Visual Command Center for corporate security, business continuity, crisis response, traveler and executive protection, supply chain risk management, and more.

To request more information and to learn how Visual Command Center can support your organization, click here.

About IDV Solutions, LLC

IDV Solutions, LLC empowers organizations to take command of risk by delivering command center software that is used to protect people and assets, ensure continuity of operations and create competitive advantage. Its Visual Command Center® software is an enterprise platform for risk intelligence and response used in organizational functions such as business continuity, security, supply chain and operations to mitigate or eliminate the impact of risk. By helping organizations in the Global 2000 and government transform their command centers, they are able to excel at managing operational risk. For more information, please visit idvsolutions.com.