Malicious Email Attacks Target Health Care Industry


The health care industry had the worst security average of every industry surveyed in all four quarters, according to IT security specialist Agari’s TrustScore report.

The TrustIndex provides email "threat" ratings (ThreatScore), or the volume of cyberthreats targeted toward any given company’s consumers via email, and email "trust" ratings (TrustScore), or how well companies are protecting consumers from email cyberthreats.


"The most worrisome security issue in the health care industry is that the industry historically has not paid attention to cybersecurity," Patrick Peterson, CEO of Agari, told eWeek. "It’s that simple, and makes the industry more prone to attacks. We’ve seen this play out in the recent months with the Community Health Systems and Anthem breaches."

Peterson explained that similar to the financial industry, health care organizations have large amounts of personal data that can be sold on the black market, and cyber criminals quickly see the various opportunities.

Six of the 14 major health insurance companies surveyed scored a zero TrustScore rating in the first three quarters of the year, though the count declined to four with zero scores in the fourth quarter of 2014.

The payment industry – which includes firms such as PayPal and Western Union – had middling average ThreatScores in the first and second quarters of 2014, but saw those numbers spike into the double digits in the third and fourth quarters.

"The financial industry is in the same boat as health care, in that both industries have large amounts of personal data that, if exposed, could be detrimental to the companies and clients," Peterson said. "Mobile banking just increases the likelihood that someone checking email on their phone will click on a phishing email and end up logging in to a spoofed banking site."

Similarly, European megabanks experienced a surge in email attacks, with their average ThreatScore nearly quintupling to 30.5 in the third quarter from 6.3 in the prior period.

In terms of businesses with flawless email security scores, there has been progress, as the number of TrustScore Rock Stars — those with perfect 100 scores — almost doubled in 2014.

However, this was merely an increase from just seven companies to 13 of the 147 companies whose domains were surveyed.

"The industries and organizations in the safe zone are the ones who have implemented security best practices from the beginning," Peterson said. "They understand the need to keep their data and their customers’ data safe, and what the implications of taking cyber security lightly are. Companies are pushing to get standards in place to help protect everyone from cybercriminals."

He explained one of those initiatives is DMARC, which is the only security solution enabling Internet-scale email protection and preventing fraudulent brand abuse for email-borne cyber attacks.

The TrustIndex contains ratings developed by the company that reflect how fully organizations have deployed three standards (SPF, DKIM, and DMARC) across their primary active domains.

source: eweek