What better way to begin the recap from the past week in infosecurity than with a summary of notable cyber-attacks from the past week, posted by Timo Vehviläienen of Kesko? The Slack hack was particularly worrisome considering its astounding growth rate and penetration within the enterprise market. Across 400 enterprises, 60% of organizations have employees using slack, with an average of 168 users per company. One company had a total of 950 users.
Barclays CISO Troels Oerting brought up one of the key trends driving more and more advanced cyberattacks: the organized crime entities behind them. Now, the global cybercrime economy is greater than several of the largest narcotics trades. Thinking of security from a financial perspective can also offer an opportunity for security teams: they can aim to make stealing certain enterprise data more expensive rather than impossible, reducing an attacker’s ROI to zero. This is especially useful when it comes to customers’ personal data, where different types of information will fetch different market prices.
Further to this point, Brown CISO David Sherry shared a blog post suggesting that financial incentives may be behind the increase in healthcare breaches. Health care organizations are attractive targets because health records are not only worth more, but also may be easier to get.
What are healthcare CISOs to do? Jan Winter of ING posted insights from Jim Routh of Aetna, a leading security executive in the healthcare industry. The article is a gold mine of information on how Routh’s organization approaches security.
Finally, Tim Grieveson, Chief Security Strategist for EMEA with HP, shared a CISO Career Survival Guide. Skyhigh founder Rajiv Gupta is on the record as saying there’s never been a better time to be a CIO, and we have to say that a lot of the same principles apply to CISOs. While the position has certainly come under the public spotlight, that also means more weight in c-level and boardroom discussions. New security tools that leverage machine learning technology have the potential to “outsmart” attacks, and moving data from on-premise systems to the cloud offers a great deal of security benefits.