Following the news about Anthem Breach IT security experts from Balbix, Bitglass, Trivalent and McAfee commented below.
Gaurav Banga, Founder and CEO at Balbix:
“Businesses need to better assess risk of data exfiltration and malicious intent across the enterprise, including third party contractors. Specifically finding the data stores within the enterprise that have a high business impact and are at an increased likelihood from being attacked by infected devices or malicious users, can help predict and prevent such attacks, before they happen. Continuous risk assessment and monitoring of the enterprise attack surface can reveal such risks proactively.”
Rich Campagna, CEO at Bitglass:
“Whether it’s a careless auto-fill of an external email address in a file sharing prompt, or a malicious attempt to leak data, as it appears to be the case in this most recent Anthem breach, healthcare organizations must use technologies like data leakage prevention (DLP) to identify sensitive patient data and to build controls around when that data can be accessed and by whom. In this incident, simple rules could have been implemented that prohibit such a large volume of patient data from being shared outside the organization without internal approval.”
John Suit, Cybersecurity Expert and CTO at Trivalent:
“The Anthem breach is the most recent example of the critical need for better data protection across all industries—especially those that process personally identifiable information (PII) and protected health information (PHI) data. In this case, the breach reportedly came from an insider within a third-party consulting firm, who sent Anthem’s data to their personal email address. Not only does this highlight the dangers third parties can pose to enterprise data that is not properly protected, it also opens a larger discussion around traditional encryption. With the onslaught of high profile breaches in 2017, encryption alone has proven it is no longer enough to protect sensitive information from insider threats and next generation hackers. The only way to get ahead of data breaches is to address them as a likely probability, rather than an impossibility. With this proactive approach, enterprises can begin thinking about protecting data at the file level, rendering it useless to unauthorized users—even in the event of a breach.”
Raj Samani, Chief Scientist and Fellow at McAfee:
“Companies today are battling an increasingly varied threat landscape while managing huge amounts of data. It can be a challenge to keep close track of where this data resides to ensure it is secure – especially once shared with a third party.
“The reality is that although companies are becoming more focussed on preventing cybercrime within their own organisations, they need to realise that as soon as data is shared, these systems are now irrelevant if the third parties do not uphold the same compliance. In this case, it’s important to recognise that it’s not a system failure, meaning that unfortunately, humans still have a big part to play in the fight against cybercrime.
“In order to combat this more organisations need to recognise the importance of using automation to build their threat hunting capabilities and keep an eye on data. Our research shows successful cybersecurity teams are three times as likely to automate threat investigation – allowing them to devote more time to threat hunting as automation streamlines manual processes. Automation is vital to closely monitor data and pinpoint if any data is being leaked early – allowing more time to track down the problem and resolve it. The effective monitoring of people, process and technology is the key to effectively protecting the organisation’s data and detecting any threats.”