De-Bugging the Top Cybersecurity Stories of 2015

When I started writing this and searched “Sony,” one of the first autocompletes Google supplied was “hack.”

SONY Security Breach

“Anthem?” “Data breach.”

Anthem Security Breach

A select number of high-profile breaches have commanded headlines and dinner table conversations over the past couple of months. While these are certainly not the only cybersecurity stories worth paying attention to, there are clearly factors that captured a substantial amount of media hype. However, especially in the world of hacks and data breaches, the news can reflect less of an emphasis on the hack itself or how vulnerable parties can protect their information, and more a mythologized sense of fear, uncertainty and doubt (or FUD).

Let’s take two hot issues in the cybersecurity space and break them down a little further.

Healthcare

Between the major coverage of the Anthem hack and, more recently, Premera Blue Cross, it can feel like healthcare data is the newest cyber-hack trend. Experts are even warning that 2015 could be the “Year of the Healthcare Hack.”

Medical data is valuable—it contains not only highly personal information, but also financial and social security records that can put people more at risk for identity theft. That said, it’s possible that reporting rates play a role—federal regulations and HIPAA make it much more difficult (and the penalties very severe) for a healthcare or insurance company to sweep a breach under the rug.

Here, frequent, timely communication with both the media and those affected can lessen the impact of a medical data breach. Companies that deal with personal health information (PHI) can also reassure stakeholders by being proactive and up front about their data privacy practices.

Espionage

Cybersecurity has become a global endeavor. Just last week, in the wake of the highly publicized cyberattack on Sony Pictures last winter, the Obama administration put in place protocols that let the Secretary of the Treasury sanction anyone engaging in “malicious cyber-enabled activity” anywhere across the world.

Sony’s not the only company to suffer a hack with possible ties to foreign espionage, rather than simply money-making motivations. Recent reports suggest the actors behind the Anthem attack may have also been state-sponsored. But this kind of cyberwarfare isn’t new—the tactic was used by the U.S. and Israel in 2010, when the bug Stuxnet targeted Iranian industrial systems suspected to be involved in uranium enrichment. The dangers of these state-sponsored hacks are certainly real; however, the “arms race” nature of the narrative isn’t all that different from what we’ve seen play out over history.

So how to avoid getting caught up in the hacking FUD? If your organization deals with sensitive data, share actionable advice, like how consumers or businesses impacted by a breach can protect vulnerable information. Educate consumers on how to use caution with personal data and passwords while assessing your cybersecurity strategy. Show consumers that despite high-profile breaches, there’s no need to throw your phone off a cliff to stay safe from hackers.

Have any tips for dealing with FUD? Tweet us @WalkerSands.