IT Security Stories to Watch: Are Businesses Ignoring ‘Security Basics’?
Were most of the data breaches that occurred in the first half of last year preventable? According to the Online Trust Alliance (OTA), a nonprofit organization that provides businesses with online security best practices, 90 percent of these incidents “could have easily been prevented.”
And thanks in part to its recent findings, the OTA sits atop this week’s list of IT security newsmakers to watch, followed by Adobe (ADBE) Flash Player, Kaspersky Lab founder Eugene Kaspersky and St. Peter’s Health Partners.
Here’s a closer look at each of these IT security newsmakers and what managed service providers (MSPs) can learn from them:
1. OTA: Businesses fail to adopt security basics
The OTA last week released its 2015 Data Protection Best Practices and Risk Assessment Guides, which analyzed over 1,000 breaches involving the loss of personally identifiable information (PII) last year.
OTA researchers noted that 40 percent of last year’s data breaches was caused by external intrusions, while 29 percent was caused by employees – accidentally or maliciously – due to a lack of internal controls. Also, the OTA pointed out that many data breaches occurred due to lost or stolen devices or documents (18 percent).
Craig Spiezle, the OTA’s president, said he believes that many businesses still need to adopt security controls to prevent and mitigate data breaches.
“Businesses are overwhelmed with the increasing risks and threats, yet all too often fail to adopt security basics,” he said in a prepared statement.
2. Kafeine discovers Flash zero-day vulnerability
Malware researcher Kafeine recently found a zero-day vulnerability in Flash Player that is being used by an exploit kit known as “Angler.”
The vulnerability exists in Flash Player version 16.0.0.287 and earlier for Windows, Macintosh and Linux and could allow a remote attacker to plant malware and take control of vulnerable computers, British security blogger Graham Cluley said.
Adobe released a patch to fix the vulnerability on Tuesday.
3. Kaspersky: Cybercriminals are becoming “more professional”
While new cybersecurity technologies are helping organizations worldwide, these tools also are providing new opportunities for cybercriminals, according to the founder of Kaspersky Lab.
Kaspersky himself told The Huffington Post that he believes that cybersecurity issues are still problematic for many organizations.
He pointed out that some hackers are becoming “more professional” too.
“It’s not the end of the revolution, and unfortunately the bad guys, the criminals – let’s say they’re criminals – they are getting more and more professional,” Kaspersky said.
4. St. Peter’s Health Partners warns patients about possible breach
St. Peter’s Health Partners last week sent out over 5,000 letters to patients warning them about a possible data breach.
The community and healthcare services network said it launched an investigation immediately after an employee’s cell phone was stolen last November.
St. Peter’s Health Partners officials also said they are trying to determine if the thief has accessed any corporate emails that included patients’ personal information.
What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at dan.kobialka@penton.com.
