This week’s Security Central takes a look at Verizon’s discounted acquisition of Yahoo, examines the push by Trump's administration for increased cybersecurity spending in government, and peeks inside new research from Safetica USA regarding data breaches in healthcare organizations.
Well, it finally happened. After much hemming and hawing, Verizon has finally scooped up Yahoo. The relationship of course comes with baggage, as Yahoo suffered two large-scale breaches in 2013 and 2014, the repercussions of which came to light just last year. Verizon had already been slated to acquire the floundering Internet giant, so the breaches came as a nasty, after-the-fact shock to everyone involved. So, as with any relationship pitfall, Verizon understandably told Yahoo it “needed some space” for a while. Space to regroup, evaluate the implications of the hacks and come up with the terms to renegotiate the price of the buy.
And renegotiate they did. The original deal was that Verizon would purchase Yahoo for $4.83 billion, but the two companies confirmed on Tuesday that they have both agreed to a $350 million price cut, knocking the value of the deal down to the low low price of $4.48 billion. Since the news of the breaches… breached, industry experts and channel partners have suspected that Verizon wouldn’t walk away from the deal, but would instead demand a price cut due to the potential ramifications and potential user drop-off caused by the massive hacks.
They were correct, it turns out. Verizon had apparently spent the months “apart” conducting a few brand studies, and found that Yahoo's reputation was actually holding steady after the hacks, according to a Reuters article on the buy. Verizon made the decision to continue with the deal largely because of the encouraging results of those studies, but also because it ultimately decided the deal still made an incredible amount of business sense.
“We have always believed this acquisition makes strategic sense,” Marni Walden, Verizon's executive vice president and president of product innovation and new businesses, said Tuesday in a statement. “We look forward to moving ahead expeditiously so that we can quickly welcome Yahoo’s tremendous talent and assets into our expanding portfolio in the digital advertising space.”
The deal will thrust Verizon into the mobile content and digital advertising arena, a good expansion move for them. The buy will also give Verizon access to Yahoo’s internet assets, such as Flickr, Tumblr, and Yahoo Mail, Finance and Sports (which reaches a casual global audience of about 1 billion users today). The amended deal is expected to close in Q2 of 2017.
Turning to the Trump side of things, as we find ourselves doing on a near-weekly basis, it came to light this past week that the President’s administration has been pushing, with a renewed determination, for increased cybersecurity spending in government. Not only that, but also for increased digital surveillance and encryption workarounds. According to cybersecurity policy experts, Trump is expected to focus on improving U.S. agencies’ cybersecurity capabilities and prowess, but not necessarily cyber-regulations for businesses, as reported by PC World.
It is speculated that Trump will seek out ways to beef up the National Security Agency and other agencies in order to better assist the government in defending against cyberattacks. Jeffrey Eisenach, a tech advisor during Trump's presidential transition, stresses the importance of this push.
"Cyber has to be top of mind for any view of the United States' global strategy," Eisenach said Wednesday during a discussion about Trump's cybersecurity priorities. "If you're not thinking of cyber first, I don't know what you should be thinking about."
If you remember, Trump had delayed the signing of a cybersecurity directive that had been planned for Jan. 31, causing experts, channel partners and business leaders everywhere to scratch their heads in puzzlement. No new date has been set for signing the cyber order, but executives attending a security conference in San Francisco this week state that the administration is taking steps in the right direction, seeking input to help smooth the eventual rollout.
Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike Inc., is one such input-provider. “People associated with the administration have reached out for feedback to myself and other experts in the industry as they’re thinking through the strategy for cybersecurity and more,” Alperovitch said in a statement to Bloomberg. By and large, experts agree that this is an encouraging sign, and the steps being discussed and implemented will get the previously reluctant cyber train moving.
So what exactly are some of the tangible things that can and should be done? Steve Grobman, CTO of Intel Security, says that Trump should focus on encouraging agencies and companies to share cyberthreat information and on modernizing government IT systems. Further, he states that the government's legacy IT systems “were not designed to make use of modern security best practices.” To help with private-sector cybersecurity, Grobman says, Trump should look for ways to expand cybersecurity training programs. Where have we heard that before?
To wrap up the week, we take a look at new healthcare-related security research by data loss prevention specialists, Safetica USA. According to the software company, data breaches involving business associates working with healthcare organizations almost doubled in 2016, thanks to a rise in cases involving errors and accidental leaks by employees.
Safetica USA's research reveals that business associates accounted for one in five of the 16 million confidential patient records that were compromised last year. To clarify, “business associates” can be any company - including IT service providers - that manages or uses confidential patient data as part of its service to healthcare organizations. Safetica’s research also shows that, for the first time, "unauthorized disclosure," or mistakes and misjudgments by staff, is right up there with "theft" as the primary cause of breaches by business associates.
Notable cases in 2016 include:
- Financial, clinical and demographic data on 998 people was mailed incorrectly after a computer error and mismatch of addresses on envelopes in a mailing room.
- Survey data including names and demographic information about 487 people was “misdirected” to the wrong recipients after a printer paper jam.
“We all tend to think of data breaches as deliberate and malicious acts," states Luke Walling, General Manager of Safetica USA. "But increasingly, they come from insider mistakes."
Walling goes on to say that Safetica's research is only the visible tip of the data security iceberg. The HHS database only records major breaches affecting 500 people or more - there’s a hidden story of smaller data security lapses happening every month that are not disclosed in the database.
“This is an issue facing every business associate working in healthcare - and everyone needs to take steps to reduce and remove the risk of a data breach.” This won't be the last of this kind of research and findings on the state of security within the healthcare industry, as it is currently the biggest target for hackers. More will come, but the message remains the same... take the necessary steps to reduce risks, particularly from within.
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.