GajShield, a leading Network Security provider, elaborates on the lessons IT security leaders can learn from the Anthem hack – the US health insurance provider’s data, including personal records of more than 80 million customers were leaked. The attack, which is one of the biggest such incidents, is a wake-up call for enterprises that handle large volume of critical customer data. Here’s what you need to know:
If you have a large customer base, you’re a target
On December 10, 2014, someone sneaked into Anthem Inc.’s database but no one realized it for a while. The data breach was only discovered much later on January 27, 2015, after a database administrator found his credentials being used to run a query which was not started by him. By then, hackers had already accessed millions of customer records which included residential addresses, birthdays, medical identification numbers, social security numbers and even email addresses belonging to employees, and both current and former customers.
Companies managing large customer databases particularly need to step up their security because hackers target such data for financial gain. According to reports, data records form insurers and health care providers in the US currently face about 20,000 to 30,000 hacking attempts every week to access their data.
Un-encrypted data can be your biggest mistake
We do not know what the attackers want or what they will do with this data, but we do know that the data was not encrypted. It was irresponsible of Anthem Inc. not to encrypt the data. We must be ready to accept that there is someone inside or outside your enterprise who is after your data, and hence we need to take extra precautions and encrypt it.
Organizations must focus more on protecting their key IT infrastructure rather than applying blanket security policy across their entire enterprise. Every unit of your organization needs to be treated differently. Core information need to be secured with extra efforts.
What steps can you take to protect your data?
Enterprises need strong security management systems to control and manage their database effectively. They can enforce two-factor authentication so that stolen credentials do not lead to access to mission critical system. Role-based access control will ensure that a single-account does not have access to critical system and prevents access to data.
As in most cases, it wasn’t a particular misstep or shortcoming that led to this breach. There are simple steps enterprises can take to lower your chances of suffering from similar attacks, and to minimize the damage just in case hackers do gain access to your systems. Anthem’s breach should serve as a wake-up call to all enterprises!