It’s December and time for us to deliver a retrospective of key topics that defined the 2013 security landscape.
This was the year that metadata made the headlines, big data became a reality, and compliance regulations came to affect and influence company processes and decision-making more than ever.
Below are the 5 most-read blog posts we published this past year:
Banks are responsible for managing and safeguarding your money, and I’m sure you’d find it unacceptable if a bank said that only half your money was safe. Human-generated data is like money in the bank: extremely valuable and warranting vault-like security. Sadly, our research tells us that merely half of the data that needs protection has protection.
Addendum: As a reality check, at 1:44pm on December 11, 2013, I typed in “hacked” (see image). Rob was right, we haven’t reached peak security, at least not this year.
By leveraging consumer purchasing behavior and big data technology, Walmart learned that demand for Pop-Tarts rises right before a hurricane makes landfall, so they know to stock up on this easy-to-prepare sustenance. But companies have generally been reluctant to share their Big Data, even though we contribute much of the data that companies collect. For example, wireless carriers won’t allow subscribers to view granular details of their cell phone bills, and electric utilities have similar policies on home power usage. The grand goal is that, just like Walmart, one day we’ll be able to analyze our idiosyncratic behavior and realize our own Pop-Tart moments.
One story I don’t think any one of us could have escaped this year was Edward Snowden. Rather than debate the morality of whistleblowing, our post takes a look at the technology aspects of Snowden’s leaks. Snowden’s story has become a cautionary tale for organizations that want to make sure that the right people have the right access to the company’s data at all times.
Before the Internet, researchers were well aware that income, education, gender, and other demographic metadata are powerful predictors of who we’ll form relationships with. And the inverse is also true: our friends and contacts can tell us a lot about ourselves. With everyone on a social network and sharing personal details by the nanosecond, online metadata now has awesome powers to reveal more than you might think.
New rules are in full effect – any company that has access to e-PHI will be treated just like a hospital or HMO and come under HIPAA’s privacy and security obligations. If you are still reading this, you’re obviously a subcontractor who has stored and processed medical data from a healthcare entity but for whom HIPAA was a meaningless jumble of initials. Boy, do we have a video for you. You might ask, why me? Well, the ultimate intent of the new HIPAA rules is to close off any holes in security and enforcement when the primary hospital or other ‘covered entity’ outsources its data processing.