These days it seems as though there’s a new cyber-attack in the news on an almost weekly basis. One in particular, while it occurred a year ago, stands out due to the extra sensitivity of the data that was breached. We’re talking about the attack on Anthem, one of the largest health insurance firms in the US. The cyber security violation placed the personal information of tens of millions of people in jeopardy. It serves as yet another sobering reminder of the critical importance of the right cyber security incident response plan.
Due to a lack of adequate protection, the hackers behind the attack were able to breach an internal database containing as many as 80 million records of personal data. Not only did the sensitive information belong to customers, but it also affected employees of the insurance giant, including their chief executive. The data extracted contained everything from names and birth dates to addresses, income information and social security numbers. It is regarded as one of the largest breaches of company data in history.
So what went wrong?
Well, for starters, it’s believed that the breach occurred as a result of multiple employees’ credentials being compromised. There’s no proof as to how this happened, but it’s not a stretch to assume it could have been a result of phishing campaigns through which the employees in question were tricked into handing over their information. And while a solid cyber security incident response strategy may not have prevented such a breach from occurring, what it could have done was dramatically mitigate damages.
That’s because what’s truly alarming about this case is that while the actual breach occurred on December 10th, it wasn’t officially discovered until January 27th – more than a month later. That’s an awfully long time for attackers to have free access to a bunch of sensitive data. It’s a wonder more damage wasn’t done, given the length of time the hackers had before being discovered.
How could automated playbooks have helped?
Cyber security incident response plans that incorporate automated playbooks can help to bridge the gap between monitoring and incident management. They do this by running continuous remediation workflows that are designed to meet both compliance and security requirements without the need for human intervention.
The reason why breaches of this magnitude still occur isn’t necessarily because hackers are becoming smarter. It’s often more about the persistence and determination with which they attack. This is where playbook automation is most effective, because it essentially allows IT departments to respond to threats with the same intensity and frequency.
In other words, using automated playbooks as part of a comprehensive cyber security incident response strategy allows organizations to fight fire with fire, identifying and addressing threats immediately and automatically to neutralize attacks and mitigate damages.
Had Anthem employed such a strategy, we might never have learned of the terrible breach they fell victim to, because it would likely have been caught right away, before the hackers had the opportunity to capitalize on their success. What the entire situation can do is serve as a lesson to other organizations on the importance of a strong defense that leverages the advanced technologies available today to their full advantage.