Update on the Anthem Breach

It will likely be another 6 to 9 months before a final determination can be reached on how Anthem was breached. Experts are speculating that the breach occurred either through a vulnerability on an Internet-facing server or as the result of a social engineering/phishing scheme.

An immediate lesson from the Anthem breach lies in how it was initially identified. Most organizations learn that they have been breached from an outside third party. I’ve seen statistics indicating that as many as 97% of breaches are not detected internally by the organization. The Anthem breach was identified internally by a database administrator who noticed a process running under their credentials. This administrator notified his supervisor and the breach was quickly contained.

I give security briefings to many of our clients, and I always stress that the end user (employee) can be an organization’s weakest asset or the greatest asset when protecting an organization’s network.  End users have the ability to circumvent the best technology an organization can implement.  They can also be a great asset as the eyes and ears that help protect the organization.

All our clients that are under regulatory compliance are required to provide their employees with security awareness training (SAT) and to have an incident response plan. The DB administrator identifying a process running under their credentials and immediately reporting the situation, together with the incident response team’s immediate isolation of the breach, is a great example of why security awareness training and an incident response plan are critical to every organization.

Posted by Jack Gerbs