After the revelation of Operation Aurora, the term began to take on a different meaning. "In essence," IBM's X-Force report says, "APT became associated with any targeted, sophisticated or complex attack regardless of the attacker, motive, origin or method of operation."
Three recent breach incidents, each involving the loss or theft of back-up drives, illustrate that some organizations are doing a better job than others in informing consumers about the steps they're taking to prevent more breaches.
Although many organizations are using encryption to protect data on mobile devices, they're often overlooking other important ways to prevent health information breaches, says Terrell Herzig, information security officer at UAB Medicine.
An Illinois childcare agency has articulated a revised security policy, including the use of encryption, in announcing a breach involving the apparent theft of three back-up unencrypted portable hard drives.
Enforcing standards for privacy and security is a major part of a new health information exchange accreditation program, says Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?
"In this future, cyber devices have innate capabilities that enable them to work together to anticipate and prevent cyber attacks and recover to a trusted state," says DHS Deputy Undersecretary Philip Reitinger.
Users of RSA's SecurID two-factor authentication products, acting on advice from the company, are devising strategies to monitor for threats and take preventive steps in the aftermath of a hacker attack against the products.