Editorial: Cutting the Cord on Laggard Security – The Anthem Hack and Corporate Incompetence

>

I was stunned to read that the Anthem hack involved up to 80 million records, including names, birth dates and social security records. This data set is like gold apparently on the black market. We read technical analysis by experts like the OTA defining 12 step programs to prevent such attacks. Others point to the lack of encryption.

Let us ask a more fundamental question: Is there some immutable law that says my social security number and other records absolutely must be reachable via the internet?

Anthem Security: Coutesy: Pedro Paulo Boaventura Grein , Flickr

Anthem Security:
Coutesy: Pedro Paulo Boaventura Grein , Flickr

Thirty years ago of course none of this would have been possible. The “hackers” would have had to perform a physical break-in. Now I’m not suggesting we go back to a pre-online lifestyle,  but just wondering if my refrigerator, my dog, AND my social security number must be in the cloud 24/7.

If Anthem  can’t survive without having  this information somewhere then fine: put it on a private network. And by private I mean NO PHYSICAL PATH – AT ALL – TO THE INTERNET.  Yes, that means their employees couldn’t reach it from Starbucks or at home.  But then either could the “sophisticated” hackers.

OK I can hear some of you saying that in today’s era an absolute physical barrier is just not practical to which I offer Anthem this advice: DON’T BE INCOMPETENT!

If these 80 million records are worth $25 or more on the black market we have a theft  worth 2 BILLION DOLLARS! If Anthem would have had $2 billion in cash  on campus, do you think they’d be watching it kind of carefully?

So then why when 80 million records start heading OUTBOUND from the network there aren’t all kinds of lights flashing and alarms going off? Is this not possible to detect? I think it is possible and Anthem  SHOULD HAVE SEEN IT IN REAL TIME!

Here is the statement on anthemfacts.com.

“Anthem was the target of a very sophisticated external cyber attack. Based on what we know now, there is no evidence that credit card or medical information were targeted or compromised.”

Really Joe?  “Very sophisticated”? So does that mean you can’t stop it from happening again?


This entry was posted in Uncategorized. Bookmark the permalink.

6 Responses to Editorial: Cutting the Cord on Laggard Security – The Anthem Hack and Corporate Incompetence

  1. Len Mullen says:

    I strongly favor curtailing of online storage and sharing as well as two factor authentication and other inconveniences. Check this out…

    https://danvilledelivery.wordpress.com/2015/01/08/another-hs-data-breach/

    and read the two articles linked at the bottom. What possible benefit outweighs the associated risks?

  2. Augustine says:

    The issue is, of course, the use of the SS as an ID for every thing under the sun. It’s an ID for SS, that’s how it should remain.

    Where I come from, there are state ID, SS ID, federal tax ID, school ID, etc. Moreover, the federal tax ID, also used for financial and credit tracking, may be recycled if one thinks that it’s compromised. The tax and credit history are automatically transferred to the new ID and the old one becomes invalid for use. Not unlike when a credit card is compromised. And this has been so for decades, way before computers were widespread.

    Without a doubt this could be done stateside too. Then, the value of such information would not only be much lower but would also come with an expiration date, as the victims change their tax IDs.

    What cannot be done is going back to physical files.

    • Greg says:

      I agree the topic of SSN and how they are used is intertwined with this story. Maybe a better SSN system would reduce all our vulnerability to a degree.

  3. Len Mullen says:

    You have it completely backwards, Greg. The idea is that you collect no more information than is absolutely necessary and hold it no longer than is absolutely necessary. Apply this broadly and there is little motivation to hack.

Leave a Reply