Radware survey finds significant numbers of data breaches in 2017
Radware, a leading provider of cyber security and application delivery solutions, has released a new study today titled Radware Research: Web Application Security in a Digitally Connected World. The report examines how organisations across retail, finance and healthcare protect their web applications, and has identified a number of gaps in security processes.
The healthcare sector, from insurance companies and acute healthcare facilities to pharmaceutical businesses, is impacted by bot-driven web traffic, which affects application security. In fact, the study has indicated that across the three industries, bots account for more than half (52%) of all Internet traffic. For some organisations, bots represent more than 75% of their total traffic. This is a significant finding considering one-in-three (33%) organisations cannot distinguish between ‘good’ bots and ‘bad’ ones.
The report also found that nearly half (45%) of respondents had experienced a data breach in the last year. What’s more, companies often leave sensitive data under-protected, or at risk of having encrypted traffic breached. In fact, 52% do not inspect the traffic that they transfer to-and-from APIs, and 56% do not have the ability to track data once it leaves the company. Healthcare organisations are particularly unlikely to monitor the Darknet for stolen data, with 37% saying they did so, compared to 56% in financial services, and 48% in retail.
However, any organisation that collects information on European citizens will soon be required to meet the strict data privacy laws imposed by the General Data Protection Regulation (GDPR). The regulation takes effect in May 2018.
However, with less than a year until the due date, 68% of organisations are not confident in their organisation’s ability to rapidly adopt security patches and updates without compromising operations. Although healthcare providers have placed significant investment in medical equipment, they are often supported by old, outdated systems which run on Windows XP, according to the study.
Patching systems remains a critical element of an organisation’s security and its ability to mitigate today’s leading threats. Over 60% of healthcare respondents have highlighted little or no confidence.
“It’s alarming that executives at organisations with sensitive data from millions of consumers collectively don’t feel confident in their security,” commented Carl Herberger, Vice President of Security Solutions at Radware. “Until companies get a handle on where their vulnerabilities are and take steps to protect them, major attacks and data breaches will continue to make headlines.”
In the study, just 27% of healthcare respondents voiced confidence that they could safeguard patients’ medical records, even though nearly 80% are required to comply with government regulations.
The survey, conducted by Ponemon Research on behalf of Radware, included responses from more than 600 Chief Information Security Officers and other security leaders across retail, healthcare, and financial services in six continents. Over 200 healthcare security executives took part in the study, and have strongly stated that the sector is behind.
Advances in health "must ensure self-sovereign identity"
The UK government has announced that from September onwards COVID-19 vaccine passports will be necessary to gain entry into places with large crowds, such as nightclubs.
This has reignited the debate between those who believe having proof of vaccinations will enable people to gather in public places and travel safely, and those who view the digital certificates as an attack on personal freedom.
The arguments have increased in intensity since the recent announcement to drop COVID-19 restrictions in England, in a move to reopen the economy that has attracted fierce criticism both domestically and overseas.
Cross-party ministers are set to defy the government’s latest plans to introduce vaccine passports over civil liberties concerns. A number of MPs have already signed the Big Brother Watch declaration against “Covid status certification to deny individuals access to general services, businesses or jobs” in recent months.
However, Mark Shaw, CEO of Tento Applied Sciences, says the Big Brother Watch campaign is based on false assumptions. “Big Brother Watch puts forward a compelling argument based around civil liberties, but some of the assumptions they make are simply incorrect,” he says.
“For example, the BBW campaign claims that all Covid passes are discriminatory, counterproductive and would lead to British citizens having to share personal health information with anyone in authority, from bouncers to bosses. However, there are already privacy-first digital wallets that give individuals the freedom to store and share anonymised medical documents, work credentials and other types of documentation quickly, simply, and securely.
“I wholeheartedly agree that individuals should not be required to share their own personal health information with unknown third parties or with anyone in authority who demands it,” Shaw adds. “But I strongly disagree with the suggestion that ‘events and businesses are either safe to open for everyone, or no one’. It creates a false dichotomy that either everyone is safe, or nobody is safe. If employers or event organisers don’t take action to properly manage workplace or venue safety, then they risk curtailing the safety and freedom of movement for the majority.”
The subject of personal health data is under scrutiny in the UK at the moment, following controversial plans for the NHS to share patient data with third parties. These have been put on hold following public criticism.
Meanwhile, a new report has found that the majority of the British public is willing to embrace digital healthcare tools such as apps and digital therapies prescribed by a trusted healthcare professional.
Shaw adds: “The vital point to make is this: innovations in health technology must ensure self-sovereign identity. This means the data held about an individual is owned by the individual and stored on their device. And, in the case of medical data, that data can be delivered from healthcare professionals to the device in an encrypted format, and the user chooses how they share their information.”