Monthly Archives: August 2016

Google takes on FaceTime and Skype with Duo

Google is betting on simplicity, cross-platform functionality and privacy concerns to attract smartphone users to its Duo video-calling app.

Google has launched video-calling app Duo to challenge Apple’s FaceTime and Microsoft-owned Skype, enabling video calls between Android and iOS devices with end-to-end encryption.

“You shouldn’t have to worry about whether your call will connect, or if your friend is using the same type of device as you are,” Google said in a statement.

Duo is widely seen as part of Google’s business strategy to make apps compatible with a broad set of devices, providing iOS and Mac users alternatives to Apple apps.

Google hopes to attract users through a simple, easy-to-use interface for Duo, which enables calls to anyone on a user’s phone contact list without needing a separate account.

Analysts said Google’s previous video calling and messaging app Hangouts had limited adoption because it required both users to have a Google account.

The switch to using phone numbers rather than a Google account or Gmail address brings Duo in line with Facebook’s Messenger and WhatsApp, Skype and FaceTime, making it easier to video call friends, family and other people already stored on mobile phone contact lists.

Google also claims to have built Duo to be fast and reliable even on slow networks by adjusting picture resolution automatically to ensure connections are maintained.

Duo is also designed to switch between Wi-Fi and cellular data automatically without dropping calls.

“To make calls feel more like an invitation rather than an interruption, we created a feature in Duo called Knock Knock which lets you see live video of your caller before you answer, giving you a sense of what they’re up to and why they want to chat,” Google said in a blog post.

Google is also hoping to win competitive advantage by emphasising that Duo has been built with attention to privacy and security, with Duo calls being encrypted end-to-end.

Duo is aimed at the consumer market, which means it will not replace Hangouts, which will continue to be developed for enterprise users and become more integrated with Google Apps.

Via: computerweekly

Text messages aren’t private, judge rules

In a ruling released on 8 July in the Ontario Court of Appeal, Justice Justin MacPherson wrote that texts received by a person under investigation can be searched and admitted into court just by using a warrant.

In the case of text messages, this ruling states that there should be no expectation of privacy and wiretap laws are not applicable.

In the majority ruling in this case, Justice MacPherson wrote:

It has never been the case that privacy rights are absolute. Not everything we wish to keep confidential is protected under s. 8 of the Charter. In my view, the manner in which one elects to communicate must affect the degree of privacy protection one can reasonably expect.

The case in question involved Nour Marakah and Andrew Winchester, who were texting each other about purchasing firearms illegally. When both were under investigation, police seized their phones (and text messages) during searches of their homes.

Marakah’s lawyers were at first successful in arguing that the texts on Marakah’s phone weren’t court admissible, but that argument fell apart in the case of Winchester’s phone.

During the appeals process, which culminated in this ruling, the judges asserted that the texts on Winchester’s phone were absolutely admissible because Marakah had no expectation of privacy on texts he sent to Winchester once Winchester received them.

Same device, different rules

Although phone calls are usually protected by wiretap laws, meaning your phone calls are considered private, this landmark case helps establish the case for Canadian law enforcement and government that text messages don’t need wiretaps.

While text messages you send to someone else may be private from the cell phone carriers, thanks to this ruling they aren’t considered private once they reach your intended recipient and can be used in court to prosecute you without needing to use a wiretap.

The crux of the argument is that what happens to your text message after you send it is out of your control. After all, the person who receives your text could elect to share it with someone else, without your knowledge or consent.

This ruling is great news for Canadian law enforcement, as it means there’s no extra step of having to obtain a wiretap if they want to use text messages when investigating or prosecuting someone.

Not so great news for many people’s expectation and use of text messaging today though, wrote dissenting Judge H.S. LaForme:

A typical exchange of text messages is a private communication between two people. It is essentially a modern version of a conversation and can contain as much private information as an oral conversation.

If the majority of judges in this case had agreed with this opinion, it would have meant law enforcement would need a wiretap to use text messages in court.

Unfortunately for Marakah, that’s not how the case went.

Via: nakedsecurity

Why Delta’s Outage Caused Such Widespread Headaches

The system-wide computer outage at Delta Air Lines continues to disrupt travel, with the cancellation of more than 2,100 flights and the delay of many more since the snafu began. Hundreds of thousands of passengers were stranded around the globe as the ripples spread out from Delta’s Atlanta headquarters.

The air carrier initially blamed the computer shutdown on a power outage by the Atlanta utility company but later said it was the result of an internal outage followed by the failure of a backup system to take over when the main computer system failed.

The airline had projected a return to normal operations by Wednesday afternoon, but delays and cancellations continued to mount.

“We’re in the final hours of bouncing back from the disruption,” Delta Senior Vice President Bill Lentsch said in an online update Wednesday.

Delta on Wednesday extended the period during which affected passengers can rearrange their travel plans without penalty and widened the pool to people with tickets for Tuesday and Wednesday flights. The company originally said rebooking and travel had to happen by Friday to avoid paying a change fee, but now customers have until Aug. 21. Delta also is offering refunds and $200 in travel vouchers to people whose flights were canceled or delayed at least three hours and is putting people up in hotels.

To find out what happened and why the effects were so widespread, The Times turned to industry experts Jan Brueckner, an economics professor at UC Irvine; Mark Gerchick, an author and former chief counsel at the Federal Aviation Administration; and Sam Kidd, an account manager at Zerto, a Boston-based data disaster recovery software company. Here are edited excerpts from those interviews.

Why was the impact of this computer shutdown so widespread?

Brueckner: Following a series of mergers over the past decade, 80% of all domestic travel is now controlled by four major carriers. They are, in order of passenger traffic, American Airlines, Southwest Airlines, Delta Air Lines and United Airlines. “When airlines get big, as current airlines are, when they have a problem it affects lots of people.”

Delta’s system was back online within a few hours. Why are we still seeing cancellations and delays days later?

Gerchick: To increase revenue and reduce costs, airlines fill planes to near capacity and try to schedule as many flights as possible with minimal turnaround time. “Capacity is being cut or not growing nearly as fast as demand. Load factors are high and there is much less flexibility in the system. You now have much more of a waterfall effect with each glitch.”

Have airline computer systems become too big and complicated?

Kidd: The computer systems used by airlines are not any more complicated than those used by other industries, such as banks. Airlines systems are just getting more scrutiny because a shutdown of an airline disrupts business trips and vacations and draws lots of media attention. “We can’t deny that the workload has gone up in the way airlines operate but it’s the same with finance companies and others. It’s just the nature of how we as a civilized society have evolved and adapted.”

Gerchick: An airline’s computer system is no longer just responsible for ticket bookings. It is also used for seat assignments, loyalty reward programs, targeting passengers for follow-up email and even selling vacations. And that is before you get into the ancillary sales. “I imagine the amount of information on these systems is greater than 20 years ago. I imagine the demands must be grand.”

Delta said it is still investigating why its backup system did not kick in when its main system failed. What can businesses like Delta do to reduce the likelihood of such catastrophes in the future?

Kidd: Airlines and other companies that handle a great deal of data must regularly invest in their software and hardware, and update and test it on a regular basis. At the same time, it’s more difficult and costly for a 24-hour operation like an airline to upgrade or test its computer system without interrupting regular operations. “The airlines I speak with are always investing in different things. Airlines are built on information technology. They know that every interaction with customers is done with IT.”

Are airlines investing enough in their computer systems or are they focused on buying new planes and building lounges — investments that might impress and draw in more high-paying customers?

Gerchick: It’s unclear how much is enough to invest in computer systems but airlines feel pressure to modernize their fleets because new planes give passengers the sense that airlines are more modern. Travelers rarely think about the investments needed for an airline’s computer system, until it fails. “Airlines are loath to spend on technology. People can tell if a fleet is old but they have no idea what’s going on in the back room. That is very different. They just assume the computer systems work. But you need to look at it through the prism of revenue. You are going to lose money if it screws up.”

Delta has had a reputation as one of the most punctual airlines in the industry. Will passengers forgive and forget this incident or will Delta feel long-term impacts?

Brueckner: “This kind of outage is a huge black eye for the airline. It’s like having a crash. You don’t want to do that.”

If a power outage could shut down the airline worldwide, what does this say about how vulnerable Delta’s system is to hackers or terrorists?

Kidd: The risk of a cyber attack cannot be totally eliminated, so airlines need to focus on recovering data quickly and getting systems back online as fast as possible. “All facilities have security. You can’t just walk up to these facilities. You can’t just stroll in there. The risk of an attack is pretty low. The bigger risk is how we deal with cyber crimes, people trying to hack into our systems. You can never say nothing will ever happen. We can just try to minimize the impact.”

Via: enterprise-security-today

Tesla moves forward on $2.6B SolarCity acquisition

Tesla has announced that it had come to an agreement to acquire SolarCity in a $2.6 billion all stock transaction. Tesla first announced it was interested in acquiring the solar power company back in June.

In the wake of the announcement, both Tesla and SolarCity stock are trading down. The original anticipated range for the sale was $26.50 to $28.50 per share. Instead, the deal will move forward at $25.37 per share. This is a loss of over $200 million in SolarCity value over the last month based on shares of the company outstanding.



When the announcement was first made back in June, Tesla stock tumbled while SolarCity was bid up. Unfortunately for SolarCity, investors didn’t get the same treatment this time. SolarCity lowered its guidance in sync with the announcement this morning, blaming lower than expected demand for its solar technology.

Both Tesla and SolarCity filed Form 8-K’s notifying investors the companies had reached an agreement. SolarCity shareholders will receive 0.110 common shares per SolarCity share rather than the originally proposed 0.122 to 0.131. Members of both boards, including Musk, have recused themselves from voting on the transaction because of conflicts of interest.

Tesla expects the transaction to produce $150 million in cost synergies in the year after the deal closes. The company wants to kick back some of these synergies to consumers and make clean energy more accessible. Many of the synergies are textbook: combined customers and streamlined marketing. However, because Tesla has a retail network of its own, it will be able to sell direct-to-consumer right from its stores at the time a car is purchased.

Tesla is now on the second part of its two-part master plan. The Tesla SolarCity acquisition represents the completion of the final goal in Musk’s first master plan. The decade old plan called on Tesla to “provide zero emission electric power generation options.” The new plan announced last month calls on Tesla to “Create stunning solar roofs with seamlessly integrated battery storage.”

To create a truly vertically integrated energy company, Musk needs to own both power generation and the storage of energy produced. In time for its acquisition of SolarCity, Tesla opened its $5 billion Gigafactory earlier this week. At full efficiency, the factory will reduce lithium ion battery costs by 30 percent by 2020. To charge all these batteries, Tesla needs to get inside the solar market lickety-split if it wants full control of the space.

To realize the full value that this acquisition could bring to Tesla shareholders, it is important to view the transaction in the context of Tesla’s future plans. Musk wants to push Tesla farther into the commercial space with electric solutions for public mass transit and cargo transport. Battery technology will not be limited to Powerwall and Powerpack in the future.

To put Tesla’s hunger for batteries in perspective, the average car today can attain 25 miles-per-gallon while a semi in gasoline equivalent comes out around 5 miles-per-gallon. This presents both an engineering and economic challenge. Not only would Tesla need to supply enough batteries to close the gap, it would need to simultaneously reduce vehicle charging downtime while increasing battery output. Every minute spent charging extends delivery times. Every battery in a trailer results in fewer goods being transported.

Tesla has its work cut out for it over the next decade. Investors are angsty about the acquisition because it means more uncertainty. Musk’s mission depends on success in not one but many areas of research and development. Autonomous driving technology could remove the driver altogether, opening up cab space for batteries. Reductions in the cost of batteries could open up Tesla’s technology to emerging markets.

If Musk can catch the clean energy conversion at just the right time, Tesla will make a fortune that will bankroll other projects. Unfortunately, Breakout Labs isn’t funding Tesla right now and technical execution risk will reduce the value of Tesla in the short term on public markets.

The transaction is expected to close in Q4 2016 after shareholders vote at their respective meetings.

Via: techcrunch

Google tests a more personalized version of its virtual assistant, Google Now

Google Now, the intelligent personal assistant bundled into Android and Google’s search application, is already adept at bringing you the information you need at the right time, whether that’s traffic alerts, event reminders, sports scores, stock updates, weather, flight info, and much more. But one area where Google Now falls a little short is in customizing the assistant more precisely to your needs.

Today, this is done via a series of on/off toggle switches in the app’s settings, which are a bit hidden, as well as by tapping on individual items where you can tell the app you’re “not interested” in that card, or that news source.

However, a new feature in the works called “Explore Interests” appears set to give users more control over what sort of information Google will track on their behalf, and to make it easier to tell Google exactly what sort of information they want to hear more about.

The feature was spotted in the wild by the blog Android Police, which claimed it may be rolling out slowly. However, a Google spokesperson confirmed “Interests” is an experiment that the company is testing with the look-and-feel of the product, adding that Google has nothing to announce at this time.


With “Explore Interests,” Google is offering a different way to track news and other topics, beyond allowing Google to passively determine this information based on things like search history or location. The app informs users they can “pick teams, bands, movies, and more” and a click-through takes them to a screen where there are colorful tiles for sections like “Sports,” “TV,” “Movies,” “Musicians,” “People,” “Stocks,” and more.

As you dive into each section, you can browse through cards of individual items across a number of subcategories, then click plus (+) signs to add the item to the list of things you’re tracking.

For example, under the “TV” category, there’s a subsection of just “Reality” TV shows, with items like “The Voice,” “American Idol,” “The Bachelor,” and others available to track with just a tap. Meanwhile, the “People” section may show you cards for politicians like Clinton and Trump, as well as athletes, actors and other figures.


As you browse through these sections, you can also see which topics are “Popular in Your Area,” which gives the Google Now interests feature a bit of local flair.

The idea of using Google to track very specific information is something that’s been around for ages, dating back to the launch of Google Alerts. A number of startups also arrived over the years, trying to best the Google Alerts experience, but most have been focused on the “social” mentions space. Google Now’s (hopefully) forthcoming “Interests” section will instead offer a similar tracking ability, but bundle it into the app that users launch daily.

Being able to better customize the Google Now assistant is something that comes at a critical time for the company, as Apple’s Siri is making its way onto Mac in addition to iOS and Apple TV, Cortana is bundled into Windows and can’t be entirely shut off, and Amazon’s Alexa platform is making strong headway into the customer’s home through its Echo speaker and other devices. Google, therefore, is challenged to not only make its assistant practical and proactive, in terms of offering things you need to know – like when to leave for your meeting – but in making it a tool that tracks those things you want to know about, too.

Via: techcrunch

Seagate has a 60TB solid state drive now


It is, sadly, just for businesses, so slow your roll before you start daydreaming about what you’ll load onto yours. The company showed off a few new products at the Flash Memory Summit in Santa Clara, but nothing quite as jaw dropping as what the company is calling “the largest SSD ever demonstrated.”

The 60TB SSD is firmly in demonstration mode, meaning it’s sort of a “hey, look at this crazy thing we made,” though the company is forecasting a release for some time next year. When it does hit the market, it will be targeted at large scale business customers looking for a whole lot of storage for their data centers.

But just for fun Seagate’s offering up a little relatable context to help give us all a picture of precisely what 60TB means, in terms of media consumption. That all equates to 12,000 DVD-quality movies or 400 million social media-level photos, which should just about satisfy the monthly output of your average Instagram user.

According to Seagate, the technology should “delive[r] the lowest cost per gigabyte for flash available today.” No word on actual pricing, but that will likely work out to still crazy prohibitively expensive, only less so than before. Also of note is the fact that the new architecture is set to pave the way for an even more ridiculous 100TB version.

Via: techcrunch

Test the security of your apps with Verify.ly

It’s not easy for the average user to determine whether or not the apps on his or her iPhone are trustworthy. Some apps scoop up contact lists, others unnecessarily harvest your location data, and some even send your login credentials over insecure HTTP connections.

But, if you’re not a developer, it can be difficult to tell which apps are collecting or leaking your personal information.

Enter Verify.ly, a service that breaks down apps based on their security features — or lack thereof — in an effort to keep consumers informed about potential privacy risks. “Apps are essentially a ‘black box’ that users must trust with no way to know what it might do,” co-founder Will Strafach told TechCrunch in an email. He aims to change that by giving users access to information about how their apps function.

Verify.ly, which launched in public beta last week, offers detailed rundowns of the third party code libraries and software development kits used in an app, links to source code, and information about the app’s transport security enforcement settings and system APIs. For someone with a little bit of technical knowhow, it’s an information goldmine. But even if the world of SDKs and APIs is completely foreign to you, Verify.ly breaks down the important points so they’re easy to understand.

For example, the Verify.ly page for Snapchat shows when the app will encrypt your content in transit and when it won’t. Although you probably expect Snapchat to access your location data and contact list, you might not know that Snapchat also has access to your calendar and can read telephone call-related information.

“I want anyone to be able to look at what their apps are doing. That’s really important information and people deserve that,” says Strafach.

Strafach has a long history of testing and tinkering with iPhone security — he was jailbreaking iPhones while still in high school. Now, he’s turning his attention to apps themselves. “If an app was a book, the similar services [to Verify.ly] are only reading the ‘table of contents’ and getting a vague, okay understanding of things, while we are reading front-to-back and learning absolutely everything,” he explains.

If explanation via metaphor isn’t your thing, here’s the dirt on how Verify.ly works, according to Strafach:

“Other services look at the library imports, Objective-C class imports, and class/selector names within an app in order to make determinations. We also do this to gather some baseline information, but additionally perform a full and automated static analysis on the app binary. We record every function or selector that is branched to as well as the arguments for them, and if an input argument is obfuscated we will actually emulate the function with a simulated stack and heap to rebuild the contents and figure out what the app is trying to hide (usually private API use). This allows us to have a huge level of granularity, whether it is basic bits like URLs that are put together as format strings, or more nefarious uses such as building the string “LSApplicationWorkspace” and dynamically loading that API in order to view the list of installed apps on an iOS device (bad privacy invasion for casual users, potentially even more damaging for enterprises who are using internal and/or unreleased apps on their devices).”

Although the public beta is free, Verify.ly has plans for monetization, including vetting apps for use on enterprise devices and debugging apps for developers. Check it out and see how secure the apps on your iPhone really are.

Via: techcrunch

The White House releases policy to help government agencies go open source

The White House (led by United States Chief Information Officer Tony Scott) has been pretty vocal about using technology to improve how government operates. They want to make sure code helps, not hurts, government agencies, and that the U.S. government can use technology just as effectively as a private company can.

In March the White House issued a blog post detailing their intentions to bring the benefits of open source software to the government, and today they released the Federal Source Code policy, a set of rules that should help government agencies be more efficient with the code they write.

The main requirement is that any new custom source code developed “by or for the Federal Government” has to be made available for sharing and re-use by all federal agencies. For example, this means that the TSA can have access to custom made software that was commissioned by the FBI.

Considering there is probably a great deal of overlap in applications needed by certain branches of the federal government, this rule alone should save the government (and taxpayers) a great deal of money. The policy states that “ensuring Government-wide reuse rights for custom code that is developed using Federal funds has numerous benefits for American taxpayers.”

But what about making this code available to the public? This is obviously a little more complicated and controversial, because federal agencies often deal with information not available to the general public.

But that doesn’t mean the government isn’t going open source. The policy establishes a pilot program that is a compromise of sorts. Federal agencies will be required to release at least 20 percent of new custom developed code as open source software. While this is only a pilot, the hope is that it will encourage cost savings and increased efficiency within the federal government.

You can read the full policy here, which is a lengthy memorandum from Tony Scott to the heads of all the departments and agencies within the U.S. government. The memo is an interesting read, and talks about the technical aspects of the new policy (like what to do if a federal agency thinks making 20 percent of their software open source would be a risk to the nation’s national security).

It also notes that the White House will be launching Code.gov in the next few months, which will be the permanent home to the open source code released by these agencies.

Via: techcrunch

What your hacked account is worth on the Dark Web

Next time you sign up for a new website and it asks for a password, or your favourite social media site nags you for a phone number, or a site you use every day pesters you to set up two-factor authentication, take a pause.

What’s going through your mind?

Are you getting ready to jump at the chance to tighten up your security? Itching to drum up another impenetrable 14 character password? Reaching for your password manager? Pulling out your phone ready to read the soon-to-arrive verification code?

Hey, you’re a Naked Security reader so perhaps you are.

But what about the next person? Many of them won’t be doing any of those things. They’ll pass up 2FA and stick with their go-to password of 123456 or qwerty, even though they know what a strong password looks like.

They’ll do it and stay safe, in their own mind at least, because Elliot Alderson and his ilk aren’t interested in their Netflix account.

Hackers in popular culture are ideological, FBI-dodging cyber-swordsmen who penetrate the armour of sophisticated adversaries using precise rapier thrusts.

The problem (of course) is that real life is messy, dull and rarely telegenic. In the real world we have to worry about real criminals who aren’t carrying rapiers and aren’t interested in kudos or ideology.

The adversaries we have to worry about when we’re choosing our Twitter or eBay passwords are in it for the money and their approach isn’t so much cyber-fencing as carpet bombing – it’s untargeted and it doesn’t matter who gets hit because it’s “how many?” that matters.

Our accounts aren’t compromised one by one, they’re cracked en masse or exfiltrated in the millions and then bought and sold online.

According to account monitoring company LogDog, who recently took a fresh look at this burgeoning part of the underground economy, it’s such a lucrative trade that there are Dark Web sites selling nothing but logins, not even credit cards.

There are now stores completely dedicated to selling only online accounts, without even offering credit cards for sale. Fraudsters, it appears, have discovered the financial potential in targeting various online services instead of just banks and credit card issuers.

As you’d expect in any marketplace, prices fluctuate based on supply and demand, and the value that criminals can extract from the accounts they buy. But everything has a price:

While Paypal has, and still dominates … it is now possible to find Amazon, Uber, eBay, Netflix, Twitter, Dell and many more … Any account that can generate fraudsters money, or even help them receive a service for free, has a demand in the cyber underground.

…Uber, for example, are sought after by fraudsters simply because they provide “free taxi rides”. Demand for adult entertainment accounts is high due to interest for self consumption.

…eBay and Amazon are sought after … to steal money or credits from these accounts … Compromised dating site accounts are also often exploited for romance scams.

And here, according to LogDog’s research, is what your account is currently worth on the Dark Web:

Service Min. Price Max. Price
Brazzers $1
Yahoo 70c $1.20
Gmail 70c $1.20
Dell 80c $2
Uber $1 $2
Netflix $1 $2
Walmart $2.50
Twitter 10c $3
Mate1 Premium $4
Amazon 70c $6
Ebay $2 $10
eHarmony $10
PayPal $1 $80

Via: sophos

3.7 Million People Affected by Massive Data Breach at Banner Health

A wide range of information was exposed, from credit card numbers to patient data.

Banner Health, which owns and operates 29 hospitals in seven states, recently began notifying approximately 3.7 million patients, health plan members and beneficiaries, food and beverage customers, physicians and healthcare providers that their information may have been exposed as a result of a cyber attack.

On July 7, the company discovered that hackers may have accessed computer systems that process payment card data at food and beverage locations at some Banner Health facilities, potentially exposing the names, card numbers, expiration dates and verification codes for those who used payment cards at Banner Health food and beverage locations between June 23 and July 7, 2016.

Six days later, the company determined that the hackers may also have accessed patient information, health plan member and beneficiary information, and information on physicians and healthcare providers, beginning on June 17, 2016.

The potentially exposed patient and health plan information includes names, birthdates, addresses, physicians’ names, dates of service, claim information, and some health insurance information and Social Security numbers.

The potentially exposed physician and healthcare provider information includes names, addresses, birthdates and Social Security numbers.

“Banner Health worked quickly to block the attackers and is working to enhance the security of its systems in order to help prevent this from happening in the future,” the company said in a statement. “Banner Health is also working with the payment card networks so banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards.”

In a separate breach announced earlier this week, a hacker stole more than 150 GB of data from the Central Ohio Urology Group and posted a link to the stolen data online. The files posted include names, mailing addresses, phone numbers, birthdates, diagnoses, insurance providers and account numbers, DataBreaches.net reports.

Balabit product manager Csaba Krasznay told eSecurity Planet by email that patient data has real value on the black market, putting hospitals directly in hackers’ crosshairs. “Every healthcare institution must realize that their patients’ data is their most valuable data, and serious protection means, at the least, the introduction of the same security measures now protecting other sectors, with special attention to internal users whose stolen credentials are usually used in cyber attacks,” he said.

“From an IT security perspective, healthcare is one of the most interesting sectors, because so much sensitive personal data — such as previous diseases, drug usage habits, etc. — resides in digital format — often without proper security measures,” Krasznay added.

Michael Magrath, director of business development at VASCO Data Security, said by email that while banks spend from 10-12 percent of their IT budgets on security, recent studies have found that healthcare organizations spend just 3-7 percent. “Healthcare organizations must get serious about IT security,” he said. “CEOs need to be held accountable for this never-ending stream of breaches. 3-7 percent of an IT budget allocated to security just doesn’t cut it anymore, and organizations must step up.”

Via: esecurityplanet