Even though users have been in the security news quite a bit recently for falling prey to phishing attacks, it’s not fair to blame all of our security breaches on users’ lack of security awareness. There is still plenty of insecure code within our applications that allows SQL injection attacks, and there are still plenty of insecure networks that allow gigs of sensitive data to be downloaded without raising an alarm. Changing users’ behavior with a solid security awareness program is important, but it’s only one layer of defense against our attackers.
With each advance in technology, there is the potential for attackers to take control of a device in some fashion. Attacks that cause car horns to honk uncontrollably in the middle of the night, or that let an attacker listen to private conversations inside a car through its Bluetooth connection, need to be considered as software developers add more and more functionality to the computers within our cars and trucks. If application security isn’t taken seriously as companies like Google develop self-driving cars, our highways could be turned into bumper car rides.
“A full 94% of healthcare organizations were breached in the last two years…” If that first sentence of this article doesn’t scare everyone, I don’t know what will. Healthcare organizations around the world are under constant attack, with their patients’ sensitive data as the target. The lack of strong and secure BYOD (Bring Your Own Device) policies concerning the loss or theft of a device containing patient data is one of the leading causes of data loss. Having a patient’s PII stolen adds insult to injury in the truest sense.