Anthem Hack: Lessons For IT Leaders - InformationWeek

SunitaT0,
User Rank: Ninja
2/25/2015 | 1:22:36 PM
Re: Anthem Hack: Lessons For IT Leaders
@Yalanand: I agree with you. However, if we factor in some of the shortcomings of making better locks (things like information leaking about the types of security you are using), then you would see that having multiple locks would be a better option, as breaking each of them would take time. I have learnt that IT security is about building weaker but huge amounts of walls that slow down the attack, rather than stop it entirely.
SaneIT,
User Rank: Ninja
2/24/2015 | 8:03:48 AM
Re: Anthem Hack: Lessons For IT Leaders
@SachinEE, I understand. We've done a lot of enabling in the name of giving the end user as much data as we can, but I also think that the amount of data being made available is one of the reasons people actually use the software. People don't like being locked down and denied access to things that should be simple for them to have. They don't consider the security issues of making data easily accessible, but that doesn't mean that denying them that access is good for the software developers. If you have a perfectly secure product but no one is using it because they feel alienated, you're not going to be in business long. There has to be a balance, and developers need to find that balance.
Gigi3,
User Rank: Ninja
2/24/2015 | 4:32:14 AM
Re: McGladrey and Data breach advice
"but is that enough? I know many businesses are moving onto the cloud and the cloud security measures are being undertaken by third parties, is this a very secure method of asking a third party to develop security systems for us when we are exposing entire databases to these parties for them to secure it with their software?"

SachinEE, I know there are many risks in outsourcing the security part to third-party vendors. Sometimes these people themselves can act as a security threat!! We have similar issues with defense systems, where the outsourced agency itself tried to spy on the info for their business stake.
SachinEE,
User Rank: Ninja
2/23/2015 | 12:41:57 PM
Re: McGladrey and Data breach advice
"Interesting information, IT departments should give more importance to preventing external threats which can affect IT systems of an organization."

@Anon: The most interesting thing is that the security breaches (about more than 40% of them) occur due to internal exposures. IT companies need to screen their employees because that is where most people fail and security breaches are carried out.
SachinEE,
User Rank: Ninja
2/23/2015 | 12:29:39 PM
Re: McGladrey and Data breach advice
@gigi3: but is that enough? I know many businesses are moving onto the cloud and the cloud security measures are being undertaken by third parties, is this a very secure method of asking a third party to develop security systems for us when we are exposing entire databases to these parties for them to secure it with their software?
SachinEE,
User Rank: Ninja
2/23/2015 | 12:27:53 PM
Re: Anthem Hack: Lessons For IT Leaders
@saneIT: I know about the different chunks of data having different kinds of encryption, but trust me, allowing users to have much visibility was never the right option for any developer, because that raises a lot of questions and criticisms, and not just that, it opens up the data insecurities and also endangers the user data.
SachinEE,
User Rank: Ninja
2/23/2015 | 12:25:43 PM
The difficulties of security
@yalanand: Different kinds of security measures lean on different preferences. You may think making a better lock is easy but it is not, since the same kind of technology is available to the developer and the hacker, and of course there is the problem of whistleblowing in organizations; internal corruption has to be dealt with.
yalanand,
User Rank: Ninja
2/22/2015 | 2:16:25 PM
Re: Anthem Hack: Lessons For IT Leaders
"@zerox203, I think this becomes truer IF, the company is careful about how they are designing systems, how and where the data is stored as well as what is publicly visible. We've had a mentality of giving as much data as possible to everyone even in very public applications. I think that in addition to encryption and increased network border protection we're going to start seeing data split into chunks that will avoid catastrophic damage if one part of it is leaked without the others."

That is not so simple. Making new gates means deciding who gets to see/use what and for that we need different sets of keys to be managed. Don't make gates, make better locks instead.
Sacalpha1,
User Rank: Moderator
2/17/2015 | 3:39:48 PM
Anthem Should Be Punished for Breach
Note that my comments are all focused on Anthem consumer data and not employee data. First, it is ridiculous that Anthem is storing social security numbers of consumers/insured. HIPAA has required a non-SSN-based identifier for almost 10 years now and SSN is not required for any other valid insurance business purpose. Adding on top of this that the consumer/insured data was stored in an unencrypted format makes this pure negligence. Also note these are the same bozos that had their insurance applicant system hacked about 3 years ago. You'd think they would learn.

Until there is some consequence for companies, they will not change their behavior. And there is no real consequence for Anthem. They are in a fairly protected business with minimal customer turnover. What are people going to do... stop their insurance? And the complexity of corporate negotiation around benefits administration means few companies will take any action to change insurance administrators.

I am not a fan of big government, but this is one time I think the government should go after Anthem with both barrels, especially considering this is the second major incident in a relatively short period of time. Anthem should be forced to pay $10s of millions in fines to the government, punitive monetary damages to every insured, and criminal negligence charges should be filed for storing unneeded SSN data (in violation of HIPAA) in an unencrypted format.

This kind of significant penalty is the only thing that will cause companies to change the way they behave. Most companies like to make you think they care in their marketing and branding, but as a matter of fact their business processes say they don't care. It's time for the public to stop accepting this kind of corporate behavior.
SaneIT,
User Rank: Ninja
2/16/2015 | 8:08:25 AM
Re: Anthem Hack: Lessons For IT Leaders
"I'm the first one to question whether we really need comprehensive security measures on every piece of data at every company"

@zerox203, I think this becomes truer IF, the company is careful about how they are designing systems, how and where the data is stored as well as what is publicly visible.  We've had a mentality of giving as much data as possible to everyone even in very public applications.  I think that in addition to encryption and increased network border protection we're going to start seeing data split into chunks that will avoid catastrophic damage if one part of it is leaked without the others.

 