{"id":81,"date":"2011-12-30T16:50:46","date_gmt":"2011-12-30T16:50:46","guid":{"rendered":"http:\/\/cybersecurity.bellevue.edu\/?p=81"},"modified":"2021-08-30T13:12:19","modified_gmt":"2021-08-30T19:12:19","slug":"the-turning-of-a-year","status":"publish","type":"post","link":"https:\/\/cybersecurity.bellevue.edu\/index.php\/2011\/12\/30\/the-turning-of-a-year\/","title":{"rendered":"The Turning of a Year"},"content":{"rendered":"<p><span style=\"color: #ff0000;\"><strong>HAPPY 2012 to All!<\/strong><\/span><\/p>\n<p><span style=\"font-family: Calibri;\"><span style=\"font-size: small;\">The end of one year and the start of another is a good time to both reflect and plan. &nbsp;We should look back a little at what happened in the past year and use that to look ahead into the new one. &nbsp;To paraphrase the famous quote by George Santayana, \u201cThose who don\u2019t learn from the past are doomed to repeat it.\u201d&nbsp; <\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri; font-size: small;\">In many ways, 2011 was a booming year for the Cybersecurity industry.&nbsp; Many organizations realized the need for better security practices and tools.&nbsp; Unfortunately, this was due to the multiple breaches. &nbsp;&nbsp;According to the <\/span><a href=\"https:\/\/www.privacyrights.org\/\"><span style=\"font-family: Calibri; color: #0000ff; font-size: small;\">Privacy Rights Clearinghouse<\/span><\/a><span style=\"font-family: Calibri; font-size: small;\"> (PRC), there were 535 breaches during 2011, involving 30.4 million records containing sensitive information. 
&nbsp;&nbsp;(See the full story here: <\/span><a href=\"https:\/\/www.privacyrights.org\/top-data-breach-list-2011\"><span style=\"font-family: Calibri; font-size: small;\">https:\/\/www.privacyrights.org\/top-data-breach-list-2011<\/span><\/a><span style=\"font-family: Calibri;\"><span style=\"font-size: small;\">.)&nbsp; Jim Lewis, a co-blogger on this site, posted a short list of major events from 2011 with his post <strong><a href=\"http:\/\/cybersecurity.bellevue.edu\/index.php\/2011\/12\/30\/major-cyber-security-events-of-2011\/\"><span style=\"color: #0000ff;\">Major cyber security events of 2011<\/span><\/a><\/strong>.&nbsp;&nbsp;<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri;\"><span style=\"font-size: small;\">My list is similar, but takes a different perspective:<\/span><\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri;\"><span style=\"font-size: small;\">Sony PlayStation Network (SPN) \u2013 Sony disclosed in April an external intrusion where the thieves stole millions of online IDs and passwords and gained access to account holders\u2019 credit cards.&nbsp; A concise history of the Sony hacks can be found <a title=\"History of Sony hacks\" href=\"http:\/\/attrition.org\/security\/rant\/sony_aka_sownage.html\" target=\"_parent\" rel=\"noopener\">here<\/a>.<\/span><\/span><\/li>\n<li><span style=\"font-family: Calibri;\"><span style=\"font-size: small;\">Epsilon, an email service provider for other companies, reported the largest security breach ever with at least 60 million names and email addresses compromised. 
<\/span><\/span><\/li>\n<li><span style=\"font-family: Calibri; font-size: small;\">The group Anonymous seemed to have their way on any system.&nbsp; While they didn\u2019t cause massive breaches, they did show how most organizations (like the <\/span><a href=\"http:\/\/www.crn.com\/news\/security\/231400264\/anonymous-hackers-protest-bart-deface-web-site.htm\"><span style=\"font-family: Calibri; font-size: small;\">BART subway system<\/span><\/a><span style=\"font-family: Calibri;\"><span style=\"font-size: small;\">) are vulnerable to attack.&nbsp; It forces the question, is anyone safe? <\/span><\/span><\/li>\n<li><span style=\"font-size: small;\"><span style=\"font-family: Calibri;\">Sutter Physicians Services, HealthNet, &amp; TriCare\/SAIC.&nbsp; I\u2019ve combined these breaches of medical systems, although they each have their own story and lessons to be learned. These show how having lax policies for many years is now leading to breaches of sensitive medical information.&nbsp; Despite the HIPAA security rules, our personal medical information continues to be vulnerable. For some it\u2019s cheaper to risk paying fines than it is to secure the data. <\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: Calibri;\"><span style=\"font-size: small;\">As we move into 2012, we need to reflect on these breaches and their root causes. Here are some of my thoughts on their lessons learned:<\/span><\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri;\"><span style=\"font-size: small;\">Approximately 30% of users reuse passwords across Internet sites.&nbsp; If a thief discovers one password (like at SPN), then it can be used at many others. We need to educate our users to have different passwords, especially for sites containing their sensitive information.&nbsp; Better yet, we need to encourage the use of tokens or other forms of multi-factor authentication. 
<\/span><\/span><\/li>\n<li><span style=\"font-family: Calibri;\"><span style=\"font-size: small;\">It may seem innocuous when our names and email addresses are disclosed, but that can open us up to spear phishing attacks. This is when a criminal directly focuses fraudulent email at us to try to deceive us into disclosing more personal information.&nbsp; The end result is identity theft.&nbsp; There are two things to remember: (1) protect your name and email and (2) be on the look-out for any type of phishing attack.&nbsp; If you\u2019re unsure about a text, tweet, or email, contact the sender offline (telephone if possible) to confirm the message.<\/span><\/span><\/li>\n<li><span style=\"font-size: small;\"><span style=\"font-family: Calibri;\">Policies and laws are in place, but are not consistently followed.&nbsp; There are often no repercussions for failure to follow the policies and procedures to protect our personal information.&nbsp; Compliance and governance would solve this issue for many organizations and could help prevent future breaches. <\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: small;\"><span style=\"font-family: Calibri;\">In 2012, we\u2019ll continue to see the move to anytime, anyplace computing as more people move to smartphones and tablets for their basic business. Data will continue to be pervasive as more people trust cloud services.&nbsp; It provides great convenience, but at what cost?&nbsp; Diligence will continue to be the key for both individuals and organizations. 
If you can develop and keep a security mindset, it may save you many headaches in both 2012 and years to come.<\/span><\/span><\/p>\n<p><span style=\"font-size: small;\"><span style=\"font-family: Calibri;\">What do you think will happen in 2012?&nbsp; &nbsp;&nbsp;&nbsp;<\/span><\/span><\/p>\n<p><em><strong><span style=\"font-size: small;\"><span style=\"font-family: Calibri;\">Have a happy, safe, and secure 2012.<\/span><\/span><\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>HAPPY 2012 to All! The end of one year and the start of another is a good time to both reflect and plan. &nbsp;We should look back a little at what happened in the past year and use that to look ahead into the new one. &nbsp;To paraphrase the famous quote by George Santayana, \u201cThose [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[32,40],"tags":[],"class_list":["post-81","post","type-post","status-publish","format-standard","hentry","category-concepts","category-research"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts\/81","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/comments?post=81"}],"version-history":[{"count":5,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts\/81\/revisions"}],"predecessor-versi
on":[{"id":995,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts\/81\/revisions\/995"}],"wp:attachment":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/media?parent=81"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/categories?post=81"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/tags?post=81"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}