This isn’t going to come as any surprise to any of you reading these messages from me; simply file this little tidbit as ‘par for the course.’
Premera Blue Cross Blue Shield revealed that it was a vector for an attack that exposed health records of some 11 million of it’s customers.
In a WSJ article a couple of weeks ago, Kaspersky Lab ZAO (the Russian security firm with antivirus of the same name) revealed that organized criminals have stolen millions of dollars from US and Eastern European banks over the last two years.
Some of the most revealing information is that the culprits have been identified (as it appears) Chinese nationals. Certainly this information can be faked, but the important information I want to pass along is the dynamic and rapidly evolving landscape of computer crime.
I’m frequently asked “why should I care about the attack on an insurance company like Premera or Anthem; they don’t really have financial information.”
The reality is folks, that the people stealing this information not only have taken identity information from these companies, they’ve taken medical records. The use of which can be used for everything from unfair competitive advantage or blackmail for some individuals who have sensitive medical information they would rather not be revealed.
What was once considered targets of opportunity and the hacking attempts of ‘script kiddies’ are now sovereign nations and organized crime attacking targets of choice.
Certainly this doesn’t come as any surprise to any of you, this information stolen globally affects all of us. But here’s a scary thought for all of us… The attacks we hear about, the viruses and trojans we discover, are the attacks that have FAILED. In fact the environment is so target rich that the scale is still tipped far in the attackers favor.
So as I’ve sent out my first three tips, they all appear VERY basic, but they are the foundation of good information protection practices. My next tip will focus on the use of multi-factor authentication.