The publishers of the always-informative online publication Bank Info Security are now tackling the healthcare industry with a new site called Healthcare Info Security. This site should be a great resource for HIPAA and HITECH compliance information and other technology issues that face the healthcare industry.
In one of the first articles posted to the site, Proofpoint customer Crystal Run Healthcare discusses how they solved their secure email issues and protect private health information (PHI) in email.
In "Secure E-mail Cures Headaches," IT director Miguel Hernandez discusses how email encryption is used to secure communication between doctors and patients, share private information with business partners including accountants and lawyers and help with ensuring HIPAA compliance.
"Considering the cost of secure email, as opposed to the cost of litigation over a HIPAA violation," says Hernandez, "it's certainly worth it."
The article is a good view into the real world issues that all types of healthcare organizations are facing vis-a-vis securing email. Several other Proofpoint resources related to email encryption, HIPAA compliance and the healthcare industry include the following whitepapers:
Whitepaper: HIPAA and Beyond: An Update on Healthcare Security Regulations for Email
Whitepaper: Protecting Enterprise Data with Proofpoint Encryption
Byron Acohido at USA Today has an interesting article out today (see "Cybersecurity Stocks Look Hot in 2010") positing that tech security companies are "poised to become Wall Street darlings this year, thanks in part to Google's tiff with China."
Quoting an analyst at FBR Capital Markets, he says the Google-China row has underscored the already positive outlook for stock price performance of diversified security vendors such as McAfee, Symantec and Check Point and that the security sector is underinvested. As we point out at Proofpoint quite often, IT security (including email security and data loss prevention) solutions simply aren't optional and large enterprises and government organizations can't delay purchases of such solutions.
Statistics from IDC are also quoted, noting that worldwide spending on IT security rose 6% in 2009 and is expected to grow another 9% in 2010.
The article notes that prospects for privately-held security companies are also looking very positive:
"Meanwhile, the rising incidence — and visibility — of cyberattacks also is boosting prospects for privately held tech-security firms, says Asheem Chandna, a partner at Greylock Partners, a leading Silicon Valley venture capital firm.
Private firms with strong balance sheets and good growth prospects that might be viewed as viable candidates to float an initial public stock offering include Sophos, Barracuda Networks, Qualys, Proofpoint and Tripwire, Chandna says. He estimates 30 to 50 tech firms could go public this year, including three to five tech-security companies."
Proofpoint's growth has been extremely strong over the past few years, as Proofpoint watchers already know. We recently closed our 26th consecutive quarter of record revenue, as I noted in a recent blog post (see "Proofpoint News this Week: Another Quarter of Record Proofpoint Revenue, Updated Channel Partner Program").
You can read the full USA Today story here: Cybersecurity Stocks Look Hot in 2010
I've seen a few reports of this from random folks on Twitter, but now Scott Panzer over in the Proofpoint Attack Response Center has confirmed that we have samples of spam messages that appear to be exploiting Google Maps to send spam.
The messages, which have subject lines like "[email address] sent this to you using Google Maps:" followed by some additional (possibly randomized) text, don't contain a link to a Google Map, but instead have a link to a spam payload hosted at imageshack.us.
The image spam payloads advertise old standbys like Canadian Pharmacy (you know, in case you needed a source for "cheap Viagra").
The messages seem to be exploiting a weakness in Google Maps (either an exploit that gets around the Google Maps CAPTCHA or an automated way to break it) that results in the message being sent from Google servers, which means that the messages are also DKIM-signed as valid Google email.
While we've not seen very high volumes of this sort of spam (yet?), I'm assured by the PARC team that Proofpoint Spam Detection now blocks any of these spam messages that may have been evading detection.
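As an added example (not from the original post and not Proofpoint's detection logic), the following Python sketch shows why a passing DKIM signature for the sending service says nothing about the content: it flags a message that claims to be a Google Maps share, passes DKIM for google.com, yet links only to other hosts. The sample message, the `Authentication-Results` header written by a hypothetical receiving MTA, and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample shaped like the messages described above: DKIM passes for
# google.com, the subject claims a Maps share, and the only link goes elsewhere.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=google.com
From: someone@example.com
Subject: someone@example.com sent this to you using Google Maps: great deal
Content-Type: text/plain

Click here: http://imageshack.us/constructed-example.jpg
"""

SHARE_SUBJECT = re.compile(r"sent this to you using Google Maps:", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def dkim_pass_domains(msg):
    """Domains for which the receiving MTA recorded dkim=pass."""
    domains = set()
    for header in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", header, re.I):
            domains.add(m.group(1).lower())
    return domains

def is_maps_host(host):
    """True for google.com and its subdomains (an assumed allow-list)."""
    host = (host or "").lower()
    return host == "google.com" or host.endswith(".google.com")

def assess(raw):
    """DKIM validity is evidence of origin, not of content: check both."""
    msg = message_from_string(raw)
    hosts = [urlparse(u).hostname for u in URL_RE.findall(msg.get_payload())]
    claims_share = bool(SHARE_SUBJECT.search(msg.get("Subject", "")))
    off_service = sorted({h for h in hosts if h and not is_maps_host(h)})
    return {
        "dkim_google": "google.com" in dkim_pass_domains(msg),
        "claims_maps_share": claims_share,
        "off_service_hosts": off_service,
        # Suspicious: claims to be a Maps share but no link points at Google.
        "suspicious": claims_share and bool(off_service)
                      and not any(is_maps_host(h) for h in hosts),
    }
```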
Clever press release out today from our friends at analyst firm Gartner promoting their upcoming "Gartner Portals, Content and Collaboration Summit" with five interesting predictions about social media and social software in the enterprise.
The one that most caught my eye was a prediction that, by 2014, social networking services will replace email as the primary vehicle for interpersonal communications... for 20% of business users. By way of explanation, Gartner notes greater access to social networking services in the enterprise, along with organizational culture and demographic shifts will lead 20% of users to make a social network "the hub of their business communications."
I wouldn't dispute that claim. Gartner goes on to note that over the next few years, most companies will either build out their own internal social networks and/or allow business users access to personal social networking accounts. Social networking, they say, "will prove to be more effective than email for certain business activities such as status updates and expertise location."
Analyst Matt Cain (who covers email, collaboration and related topics at Gartner) says:
"The rigid distinction between email and social networks will erode. Email will take on many social attributes, such as contact brokering while social networks will develop richer email capabilities. While email is already almost fully penetrated in the corporate space, we expect to see steep growth rates for sale of premises- and cloud-based social networking services."
Hard to argue with that. For some related commentary, see some of my earlier posts including:
- Facebook Enables Commenting by Replying to Notification Emails: Will this be Exploited to Harvest Email Addresses?
- Should Bosses "Friend" their Employees? Social Media Statistics, Risks and Policy Suggestions
- Facebook Fired: 8% of US Companies Sacked Social Media Miscreants
Amongst Gartner's other predictions for social media:
- By 2012, over 50 percent of enterprises will use activity streams that include microblogging (i.e., public services like Twitter), but stand-alone enterprise microblogging (i.e., services like Yammer) will have less than 5 percent penetration.
- Through 2012, over 70 percent of IT-dominated social media initiatives will fail. Gartner says that, "Enterprises will need to develop entirely new skill sets around designing and delivering social media solutions. Until this happens, failure rates will remain high. A dearth of methods, technologies and tools will impede the design and delivery of social media solutions in the near term."
- Within five years, 70 percent of collaboration and communications applications designed on PCs will be modeled after user experience lessons from smartphone collaboration applications. Gartner explains, "Just as the iPhone impacted user interface design on the desktop, the lessons in the mobile phone collaboration space will dramatically affect PC applications, many of which are derivatives of decades-old platforms based on the PBX or other older collaboration paradigm."
- Through 2015, only 25 percent of enterprises will routinely utilize social network analysis to improve performance and productivity. This one is really interesting as well. Gartner notes that "social network analysis" may be useful for understanding the interaction patterns and information flows among the people and groups working in an organization (in addition to interactions with business partners and customers). But care must be taken to address issues of privacy and confidentiality regarding how such analyses will be used and communicated. "Establishing the ground rules upfront will encourage more open and honest participation and reduce the resistance to ongoing relationship monitoring," they say.
You can read Gartner's entire press release, "Gartner Reveals Five Social Software Predictions for 2010 and Beyond" at the following URL:
http://www.gartner.com/it/page.jsp?id=1293114
Update: Analyst Mike Osterman (of Osterman Research fame, follow him on Twitter @mosterman) pointed me toward a similar article he wrote for NetworkWorld way back in July 2008! Worth a read as he has reposted it today. See: "What will truly unified communication be like?" Excerpt:
"Instead of having multiple email addresses, instant messaging handles, phone numbers, etc., each of us would have just a single address – either an email address as we have today or a phone number. To support this, we would have a powerful directory system that would be populated with information on all of our various modes of communication – published and unlisted phone numbers, email addresses, instant messaging handles, etc. – as well as detailed information on our preferred methods of communication based on time of day, day of the week, presence status, travel status and, perhaps, even our current mood based on biometric sensors at our desk or on our mobile device."
Interesting stuff from Mike, as always!
Must be "scams on the rise" day here at the email security blog. Moments after my previous post on rises in phishing and vishing, one of my colleagues alerted me to a BBC story (see "Scams Affect One in 10 Britons, Says OFT") with some interesting statistics about how often consumers are victimized by scams.
Britain's Office of Fair Trading (OFT) issued some new statistics about scams as part of their annual "Scams Awareness Month" campaign for 2010. New research by the OFT reveals that mass-marketed scams that "mislead people to part with their cash" and may arrive by regular postal mail, text message, telephone or online (e.g., email and web) vectors have affected nearly 10% of British citizens.
Among the OFT report's findings:
- Email is now the most common scam approach: 73% of British adults have received a scam email in the past year. This is followed by scams via a letter (21%) and via text message (12%).
- Social media sites appear to be emerging as a new route for scammers: 9% of adults received an approach this way.
- Being victimized by a scam is not rare: Around one in 11 (just over 4 million) British adults say they have responded to a scam at some time in their life, of whom nearly a third lost money. And about 4% of Britons (1 in 25 or 2 million people) have responded to a scam in just the last 12 months.
- Losses from scams are substantial: Around half (49%) of those scammed have lost more than £50 (about $80) in total, with 5% losing more than £5000 (about $8000).
You can find the OFT's original press release at the following link:
OFT Launches "Scamnesty" as New Figures Reveal Scale of Problem and Rise of Online Scams http://www.oft.gov.uk/news/press/2010/07-10
Just as we've done here on numerous occasions, the Office of Fair Trading issued a good list of tips for avoiding being victimized by a scam. Says the press release:
To help protect yourself and those you care about, the OFT is encouraging people to remember the following tips:
- Stop, think and be sceptical. If something sounds too good to be true it probably is.
- Do not be rushed into sending off money to someone you do not know, however plausible they might sound and even where an approach is personalised.
- Ask yourself how likely it is that you have been especially chosen for this offer - thousands of other people will probably have received the same offer.
- Think about how much money you could lose from replying to a potential scam - it's not a gamble worth taking.
For Proofpoint's own tips on staying safe from online scams, see our latest such press release with seven simple rules for staying safe online.
A couple of interesting articles from the always awesome Bank Info Security today, noting that various forms of phishing are on the rise. First up, the Anti-Phishing Working Group (APWG) reported that all types of phishing are on the rise. In the APWG's report for the third quarter of 2009, phishing reports to the organization rose to a record 40,621 (in August 2009). More, including some quotes from the APWG's chairman, Dave Jevans, here:
BankInfoSecurity: Phishing Trends: Numbers up, Corporate Accounts Targeted
Phone-based phishing scams (often called "vishing" - for VOIP or voice phishing) have also surged recently. In an article out today (Vishing Scam: Four More States Struck, Five Institutions Say Customers Received Fraudulent Calls) Linda McGlasson at BankInfoSecurity reports that:
"Financial institutions in Michigan, Wisconsin, Minnesota and Mississippi report being hit by these "vishing" attacks in the past two weeks. Five different institutions -- three credit unions and two banks - say their customers have received vishing calls from fraudsters."
The article includes details of the various attacks.
Links:
Phishing Trends: http://www.bankinfosecurity.com/articles.php?art_id=2119&rf=013010eb
APWG Report: http://www.antiphishing.org/reports/apwg_report_Q3_2009.pdf
New Vishing Attacks: http://www.bankinfosecurity.com/articles.php?art_id=2138