My quick take on the huge Anthem hack.
80 million customers had their information compromised. That's a lot---SS numbers, birthdays, etc. That's important personal shit.
I'm in the Cyber Security business.
Here's the thing---you're going to see a lot more of this in the near future.
Why? Companies like Anthem are simply overwhelmed with everyday attacks and they can't keep up. I know a Wall Street investor who told me that large Insurance companies are banging on Wall Street's doors to invest into companies who specialize in Security Operations Centers---better known as SOC's.
SOC's are much better suited to prevent attacks than an overwhelmed IT Security Department at some enterprise company.
It's really hard to find people with a Cyber Security skill set. The companies are understaffed and are running around trying to catch their tails.
In addition--these companies, if they are serious about protecting our shit, have to open their pocketbooks and spend some money.
It's the old stop sign effect---Put the stop sign up after the 10 car fatal collision.
Make no mistake---this is Cyber war and if we don't begin taking it a whole lot more seriously---we're all gonna be fucked.
mho
CaliforniaPeggy
(149,640 posts)
uponit7771
(90,347 posts)
jeff47
(26,549 posts)
We'll need something like a fine of $2k per SSN stolen, $1000 per credit card stolen for businesses to take this seriously enough to fix their data. Or more intelligently, not collect the data to begin with - if you never had it, it can't be stolen.
phantom power
(25,966 posts)
ProdigalJunkMail
(12,017 posts)
accessing a network storage location in a hack (or a stupidly misplaced machine or drive) is commonplace. hell, kids can do it in some instances. but encryption technology would make the bulk of this information unreadable or at the very least too expensive to try and read to make it worth stealing... and that tech is readily available.
sP
jeff47
(26,549 posts)
ProdigalJunkMail
(12,017 posts)
no excuse. any identifying information should be encrypted.
sP
jeff47
(26,549 posts)
Can't query on the encrypted data, for example.
So even if you put encrypted data into the table, you have to have the encryption keys easily available. And if they have sufficient access to be reading the table, they'll have sufficient access to get the keys.
ProdigalJunkMail
(12,017 posts)
and you can lock down the key repository so that it is NOT easy to get into. but what do i know? i am just some guy on the intertubes...
sP