Recently, Anthem, one of the nation’s largest health insurers, suffered a hack of its computer system. The attack was detected on January 29th, and Anthem is now working with the Federal Bureau of Investigation (FBI). The hackers concentrated mostly on Social Security numbers, birthdates, addresses, e-mail, some employment information and other data. Fortunately, credit card information and medical records (including doctor and hospital information) were not affected.
Three types of potential malicious attacks are as follows: 1) passive attacks, 2) active attacks, and 3) insider attacks.
A passive attack is eavesdropping on, or monitoring of, any transmission that is happening in the system. A passive attack can include analysis of traffic, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Attackers can see any actions taking place in the system, which discloses information or data files to the attacker without the knowledge of the user.
An active attack involves attempts to break through protection features such as a firewall. This can be done through stealth, viruses, worms or Trojan horses. Active attacks involve the introduction of malicious code and attempts to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit through the system, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in disclosure or dissemination of data files, modification of data, or denial of service (DoS).
Insider attacks are the most difficult to detect and prevent. This type of attack always involves people from inside an organization, such as a disloyal employee. Malicious employees intentionally eavesdrop, steal, or damage information. They can use information fraudulently and deny access to other users who are authorized to use the system. This type of attack does not result from carelessness, lack of knowledge of the system, or intentional circumvention of security as a test of security, as is done, for example, by White Hat hackers.
Security controls that can be implemented to protect against potential malicious attacks are displayed in the figure below.
There are two main types of security access controls. 1) Physical access controls are typically administered by an organization’s facilities department manager, who issues a security card that is used to swipe in and out of an office, parking lot, elevator or building. 2) Logical access controls decide who has access to the system and what tasks they are responsible for performing in it. Employees are monitored while using the system, and the controls govern how users’ behavioral patterns are expressed in the system. Education and training on how to use the system properly are key to a system that is difficult for a hacker to penetrate. Training employees on subjects such as passwords, authentication, authorization, policies and procedures would be very beneficial for keeping the system safe. (Image source: Slideshows.com, 2013)
Three potential concerns organizations have about data loss and data theft in a network: 1) The organization’s reputation can be severely damaged. Customers can turn elsewhere for business because of the company’s lack of attention to its system. 2) The organization can incur severe financial losses, which can include fines from state and federal officials, and harm to the business overall. 3) The fear that someone inside or outside the organization can obtain data from the business.
Failing to protect data from theft or loss can be detrimental to a business, whether through a great financial loss or damage to its reputation. People steal data because it is worth money and can be sold to others.
Stolen Social Security numbers, names, addresses, and credit and bank account numbers put customers at very high risk of identity theft. IT personnel have to mitigate this risk by identifying malicious threats at their core and understanding them. There should be ways to identify and protect all data by performing assessments of the system to understand how it works with its databases, how the data flows, and where the risks lie. Data Loss Prevention (DLP) refers to systems that can identify, monitor and protect data in use or not.