Security News Article Week 3
Random unannounced attacks on systems prove a valuable insurance policy
The security article chosen this week looks at HCF Australia and what it is doing to proactively mitigate vulnerabilities and threats. HCF Australia is a health insurer and operates in the heavily regulated financial and health care sector. Its business is subject to strict privacy and security obligations. It is imperative that the company prevent hackers from accessing its network. One attack could bring its network completely down.
In an effort to prevent unauthorized entry into its network, HCF has adopted the following measures:
- Hired an external consultant to randomly attack their network for the purpose of discovering vulnerabilities;
- Hired a security officer in its network division;
- Provides security and privacy education and training for its employees;
- Deployed a Citrix farm to maintain data access controls and uses encrypted web sessions;
- Standardized its Message Labs' anti-virus and anti-spam tools;
- Developed an encrypted wireless network; and
- Uses BIOS passwords for laptop access and RSA tokens for mobile users.
This article cites a newly released global security survey conducted by Deloitte that found more than a quarter of companies in the life sciences sector did not know if their networks had been breached and found that fewer than a fifth of the companies use Public Key Infrastructure. Julie Priest, leader of Deloitte's health-care and life-sciences group and the firm's IT security group, says that compared to companies in the financial sector, companies in the health care and life sciences sector are "less sophisticated and do not recognize that organized crime is after their information to sell it". Priest indicates that IT security is an afterthought to companies in the health care and life sciences sector. According to Priest, the health care and life sciences sector has significant risks and challenges, which include heavy regulation, a complex supply chain, issues with protecting intellectual property, and data privacy concerns regarding their research databases and clinical test databases.
Reference: