Hello. This segment deals with industry specific data security challenges. In this segment, we will focus on four industries with specific data security needs. You will learn about the unique data security and protection challenges for healthcare, transportation, financial and insurance markets, and retail industries. Each industry has its own unique data security challenges. Often, there are specific regulations for an industry that must be complied with. Malicious actors understand the unique vulnerabilities of these industries and so should you. Let us start with the healthcare industry. The healthcare industry stores a combination of sensitive information, including personal health information and payment card data. Both are vulnerable to inadvertent as well as deliberate misuse. That means we must implement processes and procedures that promote safe handling of an information, provide safeguards for the imperfection of even well-intentioned humans, and provide a path for dealing with security breaches quickly and effectively when they occur. This must balance with the requirements to provide quick and reliable access to necessary personal health information across various parts of an organization and even between healthcare entities. As an example, a patient suffering from a heart attack needs emergency medical technicians, emergency room doctors, cardiologists, nurses, and medical technicians to be able to input, edit, and view health data in an environment where minutes, even seconds, count. But that data also must be shared with a primary care provider and with designated family members as well as insurance companies. It may even need to be shared with a government entity, such as a national health insurance program. Yet at the same time, a heart attack patient has a right to privacy. The boundaries may be unclear. Perhaps a spouse has need for access, but due to a family situation, a sibling must be explicitly excluded. The healthcare industry is also subject to strict data protection regulations. The Health Insurance Portability and Accountability Act, or HIPAA, regulates the privacy and security of certain types of health information. The healthcare industry is also subject to financial standards and regulations such as Payment Card Industry Data Security Standards, or PCI DSS, due to payment information being processed. Finally, healthcare can reach across state or national boundaries, requiring compliance with regional or national standards as well. Healthcare has the highest cost per breach record, about triple the average cost, making data security protection vital to maintain the financial soundness of a medical organization. Data security is critical to keep the business viable and to meet regulatory requirements. Now let us consider transportation. As a critical part of national and regional infrastructure, transportation presents its own challenges. Transportation data security requirements melt government and private sectors. Sensitive data may run a confusing gamut through multiple vendors and government agencies, making it difficult to determine who holds final responsibility. The IT infrastructure is generally widely distributed. Take the example of a toll road. It may pass through multiple governmental jurisdictions on the local, county, state, and even national level. Assets may be government owned, but managed by private companies. Services from multiple regions must be integrated to provide a single seamless offering. As an example, a smart card that works on one transit system may be expected to work on another that is physically co-located, but managed by a totally different entity. Sensitive data, including license plate numbers and payment card information are vulnerable to abuse. Should toll card information be available to traffic enforcement authorities? A red light camera will capture sensitive location information for law abiding citizens as well as red light violators. How is that data to be stored and separated? Civil liberties and personal rights considerations must be considered. It is much harder to identify or designate a central responsible authority in many transportation entities. Centralized solutions are harder, if not impossible, to implement. Data must be protected as it transits the system as well as at rest. Now let us turn to financial industries and insurance. There's a story that American bank robber, Willie Sutton, was asked why he robbed banks, and he replied, "Because that's where the money is". This story, now considered to be apocryphal, gets to the crux of the challenge with financial industries. Not surprisingly, financial services and insurance are the most targeted industry with 19 percent of total cyber attacks in 2018. This sector handles highly sensitive data. Both internal and external actors have strong motivation to steal, change, and improperly exploit data. At the same time, customers want personalized, seamless, digital management of assets. They want to reliably sell or trade stocks and mutual funds. They want to be able to pay bills, deposit checks, and transfer money between banks or credit unions. When they go to an automated teller machine, they want to be able to withdraw money no matter which financial institution owns the machine. We are also witnessing the rise of mobile payment applications, another example of how consumer demand is driving the industry to provide services that must have proper data security and protection measures in place. There are many industry specific regulations and standards. We have already mentioned the payment card industry data security standard. Additionally, there are other regulations, standards, and entities, such as the Financial Industry Regulatory Authority Incorporated, FINRA, the Sarbanes-Oxley Act, SOX, and Basel I, II, or III, just to name a few examples. A financial services company may have to comply with regional standards, such as the New York Department of Financial Services Regulation 23 NYCRR 500 regulation on cyber security, as well as national and international regulations and standards. Additionally, loss business is the biggest contributor to this sector's data breach costs. Customers will not do business with a company that they do not trust. Finally, let us look at the retail industry. Retail organizations are highly targeted. There are many opportunities for dataset and exposure due to the many access points in the retail data cycle. Internet of things, IoT devices, such as distributed points of sale, must be integrated into the data security solution. Data must be protected in transit. Low profit margins also may cost reduction and streamline operations important. Retail companies may look to Cloud-based offerings. Customers want personalization of their retail experience while still maintaining privacy and security. This requires data, but the more data retailer collects and uses, the more vulnerability and risks they take on. PCI DSS compliance is an important factor in this environment. In this section, we have examined industry specific concerns. In the next section, we will address the 12 critical data protection capabilities.
