July Security Update: Tips for Keeping Data Safe

It’s never been more important to update legacy IT, follow security standards and best practices, eliminate ways to avoid using strong passwords, and patch vulnerabilities quickly.

Data Breaches Impact More than Half of Healthcare Organizations

SOTI’s report, The Technology Lifeline: Charging Digital Progress in Healthcare, states that 59 percent of healthcare providers have experienced one or more security breaches since 2021. Additionally, 45 percent trace breaches back to an outside source or a distributed denial of service (DDoS) attack, and 46 percent experienced an accidental data leak that an employee caused.

Research for the report also found that 47 percent of healthcare IT workers believe legacy systems expose their organizations to cyberattacks, and 53 percent can’t detect when new devices connect to their systems.

Healthcare IT’s top concerns are patient information not adequately backed up (87 percent), the cost and reputational damage that a data breach causes (69 percent), and lack of employee training or lost and stolen devices (45 percent).

Action Items:

The report concludes that healthcare organizations, with the help of IT solutions providers, should:

  • Ensure all devices, including laptops, smartphones, printers, and scanners and advanced technologies like artificial intelligence (AI) and virtual reality (VR) are integrated, maintained, and managed effectively.
  • Ensure new sources of data complement existing systems to create a single source of information that healthcare organizations can update in real time and back up to protect data.
  • Plan for new tech implementation to include management of these solutions.

OWASP Issues Bill of Materials Standard

The Open Worldwide Application Security Project (OWASP) launched CycloneDX version 1.5, a bill of materials (BOM) standard to promote transparency and compliance in the software industry.

It includes machine learning transparency, formulation, and software bill of materials (SBOM) quality indicators. The standard will allow organizations to more effectively identify and reduce risks in their software supply chains.

Action Items:

Jamie Scott, founding product manager at Endor Labs, says, “Different tooling providers have generally never had standard and prescriptive guidelines to guide them on creating high-quality SBOMs. This has led to a major ‘garbage in garbage out’ problem across tools, which has made it difficult for software consumers.”

  • Following the OWASP standard allows you to overcome this challenge.

Password Habits Vary by Generation

A study by Geonode has uncovered trends that can help improve online security by addressing generational differences. Key findings of the report include:

  • Gen X has balanced password reuse, while 31 percent of baby boomers reuse passwords frequently. Millennials and Gen Z are the biggest offenders of password reuse, with 37 percent of millennials reusing passwords “very frequently” and 24 percent of Gen Z reusing passwords “extremely frequently.”
  • People from different generational groups also create passwords differently. For example, baby boomers use personal information (“John1948”), Gen X combines personal info and phrases (“NirvanaFan!”), millennials opt for leetspeak and passphrases (“p455w0rd”, “ChocolateIsMyFavoriteDessert!”), and Gen Z creates random strings (“Rt1$7#A9k8Z&3n”, “Apple37#Banana%Starfish”).

Action Items:

Geonode offers tips for password security that can overcome generational differences:

  • Educate users to avoid incorporating personal information into passwords, which makes them easier to guess or discover.
  • Encourage users to use a mix of letters, numbers, and symbols to make passwords more difficult to discover.
  • Suggest using passphrases, which are easier to remember than complex passwords.
  • Use a password manager so users don’t have to commit all passwords to memory and can regularly change them with minimal disruption.

Soko Vulnerabilities Discovered

Researchers at SonarSource have discovered several SQL injection vulnerabilities in Soko, which is deployed on Gentoo Linux. The two vulnerabilities in Soko’s search feature could lead to remote code execution (RCE) because of a misconfiguration of the database.
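The search-feature injection described above, as an added example (not Soko’s code; the package table, schema and data are constructed for illustration): a search query built by string formatting beside the parameterized, wildcard-escaped version that treats the user’s term purely as data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory package table (hypothetical schema, not Soko's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packages (atom TEXT, description TEXT)")
    conn.executemany(
        "INSERT INTO packages VALUES (?, ?)",
        [
            ("app-editors/vim", "Vi IMproved"),
            ("dev-lang/go", "Go programming language"),
            ("net-misc/curl", "Command line tool for transferring data"),
        ],
    )
    return conn


def search_unsafe(conn: sqlite3.Connection, term: str) -> list[str]:
    # VULNERABLE: the user's term is spliced into the SQL text, so quotes,
    # comment markers and LIKE wildcards in `term` change the query itself.
    sql = f"SELECT atom FROM packages WHERE description LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, term: str) -> list[str]:
    # FIXED: the SQL text is constant; the term is bound as a parameter.
    # LIKE metacharacters are escaped so the user cannot widen the match.
    escaped = (
        term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    )
    sql = "SELECT atom FROM packages WHERE description LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (f"%{escaped}%",))]


if __name__ == "__main__":
    db = make_db()
    print(search_safe(db, "Vi"))  # ['app-editors/vim']
    print(search_unsafe(db, "%"))  # every row: the wildcard rewrote the query
    print(search_safe(db, "%"))  # []: a literal '%' matches nothing
```

A single quote in the term makes the unsafe query fail outright, which is the SQL-syntax control an attacker needs; the parameterized version returns an empty result for the same input.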

Action Items:

  • Research the two issues, tracked as CVE-2023-28424 (CVSS score 9.1).
  • Update any version of Soko to the latest patched version.

For more security updates and insights, visit DevPro Journal’s Security resources page.

Jay McCall

Jay McCall is an editor and journalist with 20 years of writing experience for B2B IT solution providers. Jay is a cofounder of Managed Services Journal and DevPro Journal.
