Data breaches that expose confidential medical data are costing healthcare providers $6 Billion a year. SC Magazine reports on a new study by the Ponemon Institute and the results are not good.
The top three causes of breaches were unintentional employee action, lost or stolen computing devices and third-party accidents. The average number of lost or stolen records per breach was 1,769.
The survey found that breaches have cost the U.S. health care system $12 billion over the past two years. The economic impact of a data breach was approximately $2 million per organization over a two-year period.
Expect the number of records per breach to increase as portable devices continue to grow in capacity and shrink in price. Employees may have good intentions when they take the entire database home with them, but data breaches often result when a car is broken into or a thumb drive slips out the pocket. Healthcare organizations need a policy for securing USB devices and it needs to be enforced automatically.
Data Security, Healthcare, Portable Storage
The partnership between BitDefender®, an award-winning provider of anti-malware security solutions, and Kanguru Solutions, manufacturer of secure, portable IT storage solutions, has helped support Kanguru’s expansion into European markets by adding BitDefender’s anti-virus software to Kanguru’s encrypted, remotely manageable flash drives.
Read the full story here.
With malware like Stuxnet spreading via USB sticks, anti-virus protection is more important than ever.
Malware, Portable Storage
Defense Systems has a great explanation of the Stuxnet worm that is targeting industrial machines and may have been an attack against Iran’s nuclear facilities. Kevin Coleman writes that the “Stuxnet worm was highly sophisticated – perhaps the most sophisticated attack that is known to the public thus far, leading some in the field to proclaim the piece of code the best malware ever.”
A commenter on the article asks why critical machines would be connected to the public internet and made vulnerable to such attacks. Dark Reading points out that even if the machines are isolated, they can be breached using USB sticks:
PLCs and control systems had been considered relatively insulated from the outside world and attack because they aren’t typically Internet-connected. But Stuxnet drove home the worst-kept secret that these systems still are connected to Windows or other machines that can get infected — in this case, by a USB stick — and therefore aren’t as protected as they had seemed.
An easy solution would be to use Endpoint Security or Group Policy to block USB sticks unless they have built-in anti-virus protection like the Kanguru Defender Elite.
Malware
11 Things You Can Do With Kanguru Defender Elite Encrypted Flash Drives
- Communicate security policy changes and updates directly to the drive and enforce changes as necessary via remote management.
- Audit drive usage to ensure policy updates.
- Create lists (whitelist/blacklist) of approved IP ranges so that drives are only used in trusted locations.
- Track device usage and location via IP addresses.
- Set a master password for administrator access.
- Immunize any PC or Laptop with Defender Elite’s onboard Anti-Virus.
- Disable and/or delete devices that have been lost or stolen.
- Meet regulatory requirements through the use of a verifiable security audit trail.
- Track device activity on each workstation/computer using Kanguru USB Device Control.
- Revoke drive access to former employees still in possession of their drives. (Particularly useful if their drive contains proprietary company info.)
- Sleep well knowing that 100% of your data is secure!
Data Security
Via ComputerWorld, “Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives.”
Kanguru Defender Elite and Defender V2 secure flash drives come standard with onboard BitDefender Antivirus to prevent malware from spreading on infected drives. The first year of A/V service is free of charge and can also be used to scan the host computer for malware.
Malware, Portable Storage
The Kanguru Remote Management Console – Cloud Edition was recently reviewed at eSecurityPlanet.com. We’d like to thank Lisa Phifer for thoroughly testing the platform and giving us great feedback and suggestions. While this review provides a helpful tour of the platform, Kanguru is ready to help you evaluate for yourself and “try before you buy”.
We would also like to respond to some of the feedback and give additional details where it might be helpful.
- To clarify pricing: KRMC Cloud retails for $19.95 per drive per year, with volume licensing options available. Optional BitDefender anti-virus renewal is $7.95 per drive per year.
- Linux and Mac OS compatibility will be available soon for Defender Elite flash drives. This functionality will be added to existing hardware through a secure remote software update.
- Automatic license assignment is available for centralized provisioning.
- The ability to deactivate and disable onboard AV without Kanguru’s help will soon be available as a provisioning option.
- A number of the “wish items” are available in the more full-featured Enterprise version of KRMC.
Data Security, Portable Storage
In this BankInfoSecurity interview, a lead administrator of the ACH network discusses how cyber-criminals are targeting corporate bank accounts:
it’s a type of identity theft really in which cyber thieves gain control of business’ bank account by stealing the business’ valid online banking credentials. So these credentials are stolen through malware that is installed on a computer, and it can happen in a few different ways. So among those ways could be infected documents that are attached to an email, and the business clicks on that email that document, or a link contained within the email that connects to an infected website. Or a business could use an USB port, a flash drive, so they put the flash drive that has been infected into the USB port.
Once the credentials are stolen, the thief has access to online bank accounts and can fraudulently transfer funds out of the country. This may explain why USB autorun trojans are now the biggest malware threat worldwide according to a recent McAfee study.
Data Security
Kanguru is pleased to announce a new technology partnership with anti-virus provider BitDefender. Read the full announcement.
BitDefender is a global leader in virus and malware protection. The company’s products have won numerous awards and recognitions, including a #1 rating in protection from Consumer Reports in 2008.
Kanguru and BitDefender are teaming to provide onboard anti-virus scanning on the Defender Elite encrypted USB drive. All files stored on the drive are scanned to prevent malware from spreading through USB ports. Kanguru is including a 1-Year subscription with every purchase of the Defender Elite.
Data Security, Malware, Portable Storage
A recent NY Times story on the Google – China confrontation mentions an increasingly common attack using USB flash drives to load malware.
Often, malware infections are a result of high-tech twists on old-fashioned cons. One scam, for example, involves small U.S.B. flash drives, left in a company parking lot, adorned with the company logo. Curious employees pick them up, put them in their computers and open what looks like an innocuous document. In fact, once run, it is software that collects passwords and other confidential information on a user’s computer and sends it to the attackers.
USB malware is a serious problem and Kanguru highly recommends using endpoint security to defend against these types of attacks. Portable flash drives may cause security concerns, but blocking them altogether can reduce worker productivity and cause major inconveniences. Endpoint security is an easy way to allow limited flash drive usage and still keep out unauthorized devices. That is why Kanguru has built USB Device Control directly into its Remote Management Console. Now organizations can remotely manage their secure devices and lockdown all others from one integrated console.
Data Security, Malware, Portable Storage
Employees are willing to steal data from their employers and for the most part there is nothing being done to stop them. Two separate studies published this week show that insiders are walking off with customer lists, plans and proposals, and sensitive product information.
Dark Reading has more details -
Almost half of the respondents (48 percent) admitted if they were fired tomorrow they would take company information with them, Cyber-Ark says. Thirty-nine percent of people would download company/competitive information if they got wind that their job were at risk. A quarter of workers said the recession has made them feel less loyal toward their employers.
As we have noted before, much of the insider theft (42% in one survey) is committed with the help of USB flash drives. In response, Kanguru is developing management tools to give companies more control over their USB thumbdrive fleet. With KRMC, administrators currently have the power to remotely disable or delete employee flash drives when the individual is leaving the company. Next week Kanguru will be announcing a powerful new add-on module specifically designed to keep unauthorized flash drives out and prevent data leakage via USB devices.
Data Security, Portable Storage
Follow us on Twitter