We know the problems with the Anthem Breach: no encryption
But does it mean you should encrypt your data?
What does it mean to “encrypt the data”
What if your data is “stolen” with correct credentials, i.e. if someone has the username and password then it is over, whether the data is encrypted matters not.
The million dollar question is whether you can keep the criminal out of your computer. If the criminal is there slowly but surely they will try and gain more access. Once they have some access, the drive is there to access higher credential accounts (some which may have all the keys to a Database).
Why? Greg Virgin(CEO of RedJack) found Medicare numbers worth $4700 for 10 accounts at npr.org – (very long URL) is the story.
Anyone can see that 1000 accounts could be worth $470000
and it only takes 10000 accounts to be worth $4.7 mil.
Obviously the criminal world is taking notice, and even if an account sells for half that $2.5mil are not bad wages.
So we must protect our medical data more than any other.
Now that we are living longer: “A Retirement Age of 100? It’s Coming”
We are forever in the same loop of news in the security field:
1. Large Breach at well-known company
2. Software companies releasing patches which cause problems (Microsoft patches in February caused reboots etc.)
Here is the detailed links at the Internet Storm Center https://isc.sans.edu/forums/diary/Microsoft+Update+Advisory+for+February+2015/19315/
Cisco AnyConnect Client problem(due to KB3023607): https://isc.sans.edu/forums/diary/Microsoft+February+Patch+Failures+Continue+KB3023607+vs+Cisco+AnyConnect+Client/19331/
3. CIO, CISO, and all the CxO take time to review their options and make decisions good for their business underestimating the true nature of the cyber criminals.
If an industry is outright attacking you with a warchest in the millions of dollars do you think you can spend as little as possible to defend yourself?
We have to assume employee mistakes, build cyber defenses with encryption and without protecting our data from the multi-million dollar attack industry out to get the data.
We have no choice we must defend by test attacking our network.
There must be somebody testing our defenses to give more eyes on the problem of defending your data (the new gold of the Internet).
Where is the data now? the cloud? encrypted? what if theemployees are the weak link?
Pay the money to have a second pair of eyes on your network.
Either that or get more cyber insurance.