Healthcare will continue to be one of the top verticals at risk due to the value of sensitive data. Security hygiene is like your immune system: bad habits can lead to the breakdown of your immune system and greater susceptibility to viruses. Likewise, in cybersecurity, bad practices can lead to the breakdown of your security hygiene and greater susceptibility to data breaches.

Healthcare has become a highly targeted field because of the high value of protected health information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) regulates data privacy for health information and mandates specific processes to best protect health data. Because of this, proper healthcare security hygiene practices are central – failure to implement them can lead to massive fines, loss of reputation and trust, and lawsuits from clients or patients.

Based on recent data breaches and levied fines, below are some of the most important healthcare security hygiene fails of 2019.

  1. System Misconfigurations and Vulnerabilities
  2. Failing to Encrypt Devices and Drives
  3. Unauthorized Users
  4. Compromised or Blank Passwords
  5. Storing Protected Data in Public Servers


I am excited to welcome Peter Jensen, newly appointed CEO of The Fabric co-created company Spanugo, an automated security assurance platform.

For over 20 years, Peter has been instrumental in the growth and acquisition of several startups: Thinstall (acq by VMware), Stopthehacker (acq by Cloudflare), Pancetera (acq by Quantum), and ParStream (acq by Cisco). With his strong background in Security, SaaS, GTM execution, fundraising, and developing exit strategies, Peter will be responsible for accelerating Spanugo’s market traction and product lead.

Spanugo offers solutions that provide visibility and help improve the overall security posture of your IT infrastructure, whether on the cloud or in your own data center.

As Spanugo moves onward and upward, we look forward to seeing Peter’s integration and drive toward growth and success.

Welcome, Peter!

From the early days of commercial computing, security has been an integral part of the software. But compliance is a recent development and has gained significant ground in the past two decades. Given the alphabet soup of compliance standards and frameworks, it is tempting to believe that being more compliant is being more secure; and conversely, a system that is not compliant is not secure.

An analogy may make things simpler. Consider being “learned” and being “educated.” We think of many of our philosophers, authors, and analysts as being “learned.” They seem to know a great many things and talk/write about a wide array of ideas that could have only come from being “learned.” But in practical life, when we want to apply for a job or hire someone, we ask for their “education.” Having a high school diploma, a college degree or several letters after your name makes you more educated. Being “educated” is measurable and easily understood. Being “learned,” that’s another thing altogether.

Being secure – you are secure… well, until you are not. Every organization does have a plan to be secure. They spend time and money to improve their security. And they believe themselves secure till they face a major security incident. Security is a goal, an objective that you constantly strive towards. Compliance, in comparison, is a milestone that can be achieved. Like a college degree, you can work towards it and be awarded a certificate, or several. You can proudly claim you are in compliance. History will decide if you were secure; it takes only one major incident to demonstrate that you were not.