State of New York Fully Justified in Demanding Insurance Companies Document Cybersecurity Stance
High Bit Security fully endorses the efforts of New York in assessing the cybersecurity posture of their state's largest insurance carriers, a warning to businesses with Personally Identifiable Information (PII), Private Health Information (PHI) and Payment Card Industry (PCI) data to get proactive regarding cybersecurity.
Rochester MI (PRWEB) June 04, 2013
On May 28th, New York Gov. Andrew Cuomo required the 31 largest insurers regulated by the state to provide information about their cybersecurity preparedness. New York State is seeking to determine what attacks these companies have experienced over the past three years, what cybersecurity measures they have in place, their IT management policies, the funding and resources they dedicate to cybersecurity, and their governance and internal control policies related to cybersecurity.
“This move by New York State is sure to be replicated in many other states and across many more business sectors than just the insurance industry”, said Barb Goushaw, CBDO for High Bit Security. “Just think about the amount of sensitive information many businesses possess, and the inappropriate purposes the information could be used for — personal identity theft, medical identity theft, intellectual property theft, credit card data theft. Cyber criminals and nation states are generating billions of dollars by stealing this information from US companies.”
“High Bit Security applauds the efforts of Gov. Cuomo to assess the cybersecurity stance of an industry with such high amounts of sensitive data on their systems”, says Adam Goslin, COO for High Bit Security. “High Bit Security expends significant resources evangelizing to business owners across a myriad of business sectors to improve their understanding of the risks posed to their businesses and the information their customers trust them to protect.”
High Bit Security's 2012 review of their IT Security (penetration testing) engagements revealed that over 95% of the companies they tested had security vulnerabilities, and a full 100% of the companies that had never performed proactive security testing had serious vulnerabilities in their external and internal network, host configuration, applications, web services or wireless systems.
“We have seen staggering and sobering statistics from our testing for years,” said Goslin. “It is alarming how few companies take their security seriously enough to engage in proactive penetration testing. Many of our customers that test for the first time are shocked at how many security holes are found. Typically, they have either IT Staff or an outsourced IT Support Company or Hosting Facility that they entrust with their security, but these business owners need to understand — security is a specialty. The personnel or companies they have in place are reputable, but security is not their specialty.”
“Companies that assume their security is covered by the existing IT staff or service provider and depend on automated scanning and monitoring solutions are a security problem waiting to happen,” said Goushaw. “But compare this to your personal health. If your general practitioner refers you to a heart specialist, that doesn’t mean he’s a bad doctor. It means he’s a good doctor. It makes sense to bring in a specialist to partner with the existing IT provider.”
“Penetration Testing will provide an in-depth evaluation of the security posture of an organization, and will also reveal how well internal policies/procedures are functioning and the effectiveness of security solutions presently being leveraged”, said Goslin. “It is not to say that penetration testing is the only solution needed — there are a whole host of tools, vendors, policies and procedures that need to work harmoniously to mitigate security problems for an organization, and there is no silver bullet. Many of our customers are shocked to realize that their vulnerability scanner of choice is leaving security vulnerabilities in their systems, because there are many security issues scanning solutions will not identify. Businesses also need to realize that the security companies providing what they term ‘penetration scans’ are really nothing more than a glorified vulnerability scan, leaving them equally at risk.”
The complete story of the insurance company request of Gov. Cuomo can be reviewed here.
About High Bit Security:
High Bit Security is a national security services provider, providing penetration testing solutions to clients who need to protect sensitive data in industries such as Healthcare, Credit Card, Financial, or companies that otherwise store Intellectual Property or Personally Identifiable Information. High Bit Security also provides security consulting services to clients who need assistance with their compliance objectives across PCI-DSS, PA-DSS, HIPAA and SSAE-16 evaluations, or who wish to perform a security best practices audit of their organization. Contact High Bit Security today for a free consultation to take steps toward protecting your sensitive information. http://www.HighBitSecurity.com 800-757-3144
For the original version on PRWeb visit: http://www.prweb.com/releases/prweb2013/6/prweb10794360.htm