I write my first editor’s comment in rather a sombre mood, as today is Monday 11th January and I have woken up to the news of the death of David Bowie.
Rather than try and draw an analogy about the visionary musician reinventing music over a 50-year career, I’ll write this to a soundtrack of Ziggy Stardust. So apologies for any puns in advance.
I’ve been delighted to join Infosecurity Magazine for the majority of this year covering for the remainder of Eleanor’s time away, and with seven years of experience behind me in covering information security as both a journalist and analyst, I’ve long admired this brand’s approach and coverage of the topic. Of course 2016 brings with it a new set of ambitions and predictions, and over the time I get to spend in the editor’s chair I’ll do my best to address those directly.
Arriving just before Christmas, my inbox was crammed with predictions for the new year and one of the more common was that of healthcare. In 2015 we saw data breach incidents at Premera, Anthem and Blue Cross, and with a memory of numerous Information Commissioner regulatory enforcement notices against the NHS and primary care trusts, it would seem that healthcare has climbed a long and slow path to the level of the most critical data.
Listening to a recent edition of Rafal Los’ podcast “Down the security rabbithole” (episode 174 if you are interested), he talked with a progressive CISO from a Fortune 250 healthcare organization, and this was especially enlightening as the major challenges were detailed as being Big Data, third party access, mobile access and HIPAA.
In this issue we look further at the issue of mobility in healthcare, as Arxan CTO Sam Rehman evaluates the threat. This is not an area to be taken lightly, as not only is healthcare and medical data among the most sensitive in regard to personal security, but it is also the hardest to change if you are a victim.
If your credit card is cloned, you call your provider (or in my experience they call you, thanks to some excellent fraud monitoring) and they issue you a new card. If your medical data is breached, you cannot change your DNA on their record or your blood type, so you are stuck for a solution apart from the local data protection regulator giving the company a fine and a public telling off.
It is for this reason that I believe that healthcare data needs to be the most heavily protected data and with RSA Conference a matter of weeks away, I expect protecting healthcare to be on the agenda for 2016. The 2013 Target data breach shook up retail security and the US Government has pushed through stronger payment card security with chip-based authentication now being adopted by major retailers.
Will something be adopted by the healthcare organizations? Those working in those companies would argue that they are doing all they can to best secure the data, and another key challenge is the third parties who connect into the companies – the consultants, the owners of the patents and developers of the medicines, and of course the internet-connectivity of the machinery used in hospitals and surgeries. It all adds up to one big melting pot of security headaches and hopefully something we are going to predict on, but not be writing about, in 2016.
It may be many months away, but in this issue we take a first look at the key players in the 2016 US Presidential election. Much like the UK general election last year, the process begins long before voters go to the polling booth and these days social media plays a large part in the campaign trail.
This will also be the first US election where the largest companies in the world are not in finance or manufacturing, but in technology, and the key state of California is not only one for both parties to take seriously, but to consider the impact both before and after the election of Silicon Valley.
I’ve always remained excited about every new year in information security, as we have no idea of what the year will bring us but at the end of each year we are able to reflect on a previous year with new knowledge. We may lose some heroes along the way, but this remains the most dynamic sector of IT for a reason.
Dan Raywood, Editor