Thursday, February 5, 2015

Anthem. How many big ones are coming?

Another Breach and you are probably affected!

Today it was announced that Anthem was breached. 80 million people were affected and you may have been one of them. So now what? Do you sit around and worry if your info will ever be used against you? Do you feel angry and wonder why someone would do this and why it was not prevented? Do you just move on with your life and ignore it? I know what I am going to do.

I am going to do the same thing I have been doing, which is to closely watch my bank account and my credit report. To me that is the best defense against all of this, short of going back to the days of keeping money in the freezer or something like that (might raise a few eyebrows too).

The feeling is helpless so what can we do? Our data goes into the hands of so many companies on a daily basis. This is why I find it interesting when clients talk to me about going to the cloud and if it is safe or not. I tell people that I would much rather take my chances with the likes of Google who invests millions of dollars to protect data. 

Today is another example of how truly difficult it is to protect data. All over the place there are companies struggling with understaffed and frankly undereducated (about Info Security) technical staff just trying to keep up with daily operations while facing more and more pressure. The shortage of Info Sec (Information Security) professionals is seen as one of the largest skills shortages for IT for the 4th year running. Not enough people are getting into it, and the good ones all work for large companies for the most part, so how will we catch up?

I have been involved heavily on the security side now for the past few years and I have seen this trend from trying to prevent things like virus outbreaks and attacks to now struggling just to detect them. I recently had a case where it took 4 different virus scanners before I found anything wrong on a client's network. 4. That is scary. The way things can be concealed is alarming.

Early reports on the Anthem breach state that the company knew something was going on since December 10, 2014. So it was detected, but they probably did not know exactly what they were dealing with until they finally found that proof. A company that size cannot just "think" something is going on and then take a precaution like shutting down systems. They have to first figure out the what, how to stop it and then the why. It isn't easy in a little company and I know it is really hard in a big company.

So what can we do about it besides get mad at these big companies we think should have the resources to prevent this? First, get real, because it is not preventable in our current culture. Today's breach sounds as though it was some sort of sophisticated malware that got on to the system, probably by someone inside. I am not saying it is hopeless, but the good guys seem to be chasing the bad guys and the bad guys keep getting further ahead. What this last breach does to the (Info Sec) industry is too hard to tell. Will HIPAA laws get tighter? Will PCI-DSS become mandatory and actually be checked? I don't know, but I can tell you something will be triggered from this one and the future breaches we will be having, I am sure. Only one thing is for sure. It will be a long 2015 from the looks of it!

