Published on May 5th, 2015 | by admin
The Impact of a Cyber Attack
Picture this: the IT Security manager of a large company opens the mail his admin assistant just delivered. One letter addressed to him is from a company he is only peripherally familiar with. The letter states that his personal data may have been compromised due to a recent breach of the company’s computer network. The CEO states that he doesn’t believe the hackers got credit card information; however, they did get names, dates of birth, social security numbers, home addresses, email addresses, and employment information including income data. Because of his position, the manager understands perfectly well the gravity of the breach and has had similar concerns of this happening to his company. In fact, he decides to present the letter at his next board meeting, hoping it will help make the case for a more proactive role in protecting the network and his company’s assets.
A security breach similar to the above happened at Anthem, Inc. between December 2014 and January 2015. Anthem, Inc. provides medical insurance and claims processing for itself and numerous other health care organizations such as Blue Cross Blue Shield, Amerigroup, Caremore, Unicare, and others across the fourteen states where Anthem operates. A large percentage of the roughly 80 million people who had their personal information compromised are probably wondering how such a breach could happen. The majority of victims of cyberattacks don’t have the understanding of how hard it is to defend against such attacks – they just expect their personal information to be protected.
According to industry news site The Insurance Insider, Anthem has a cyber-insurance policy in the amount of 100 million dollars, which probably won’t cover the total impact of this breach. Much of that money will go toward notifying customers that their personal information has been compromised. How does the company insuring itself against the loss provide better protection for its customers? More importantly, how do they limit the impact when a breach does occur? Insurance won’t do that.
With so many large scale breaches in the news over the recent past, what does it take to change the mindset on how a company protects its data and customer information? Anthem will likely spend more cleaning up in the aftermath than they spent protecting their data in the first place, but many other companies could have very well suffered the same fate. Yet, changing the way companies protect their networks is analogous to a container ship trying to complete a 180⁰ turn in a too narrow channel with no outside help.
Technology evolves, and not just for the good guys. Hackers and criminal enterprises know the difficulty in turning that container ship and that it won’t be accomplished anytime soon. They’re counting on boards of directors not wanting to spend any more money than necessary to protect their networks. This is what gives them the edge. Hackers know what to look for. In this age of Advanced Persistent Threats (APTs), the bad guys do their homework, select a target, and focus all their resources on getting in.
Today’s companies need to leverage the latest technology to keep their systems protected from unwanted outside influence. While it’s a much easier conversation when convincing a board or shareholders to purchase the latest technology that gives them an advantage against their competitors, that same conversation needs to take place about protecting against APT attacks even in the aftermath to ensure rapid remediation. A crucial piece of your well-rounded cyber security approach is to understand and accept the inevitability of breaches and attacks.
Learn more about protecting your most important business risks with SS8 Communications Insight. Download Rapid Remediation: Actionable Insight, Analysis, and Visualization for the Enterprise.