Anyone who has watched the news in the past several months has seen the chaos that ensues when a high-profile company has its data breached, leaking sensitive customer data into the hands of cybercriminals. I sympathize with these firms in some ways, since it’s impossible to anticipate every attack or prevent every data breach. At the same time, that isn’t especially reassuring for those who have had their information stolen. What would be a lot more encouraging would be having organizations invest in an integrated threat protection system that protects both company assets and customer data.

Admittedly, I’ve been a pretty lucky consumer. I breathed a quiet sigh of relief when I read about some of the most damaging attacks, because it’s never been my data that was compromised.

Until now.

Being the Victim of a Breach

Early last month, I received an email from my health insurance provider telling me it had been breached. The email detailed what was leaked, including names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses and employment information such as income data. It also advised me that the company didn’t think credit card or banking information had been hacked.

While I’m thankful for small favors such as my banking information not being swiped, that’s scant comfort. With all that information in the hands of would-be criminals, entire identity theft seems possible. Like a friend of mine whose data was included in a recent breach said, “I can cancel my credit card, but I can’t cancel my Social Security number. Conceivably, someone could open a mortgage in my name a decade from now.”

Another part of the communication told me that cyberattackers engineered a sophisticated attack that had almost a two-month duration from early December to the end of January.

Here’s where it really gets frustrating. Many online reports point to a general “culture of security” in the health care industry, which is ironic, considering a recent Reuters story that claims a health care record is worth 10 times more than a credit card number on the black market.

Stealing Customer Data: Simpler Than You Think

More important is my provider’s claim that it was a sophisticated attack, which might lead you to believe it was so skilled that no one could have prevented it. However, some sources indicate it wasn’t sophisticated at all. Instead, it might have targeted known weaknesses in my provider’s system through a phishing scam. The source also points out that it wasn’t the company’s security system that picked up the hack; instead, it was a human who was simply paying attention.

I tip my hat to the person who discovered this attack. While employees should always be any firm’s first line of defense, employee vigilance should be coupled with a comprehensive threat protection system that enables companies to prevent even the most sophisticated attack, detect security threats across their infrastructure and respond instantly to security incidents that do occur.

Implementing a robust solution that is nimble enough to scale across an organization’s systems often isn’t as easy as opening a box and pushing a button. However, the technology does exist, and it’s certainly more reliable than depending on an alert employee to notice when data has been compromised.

Security expert Scot Terban put it best when he said, “The problems with many corporations stem from a lack of security awareness as well as presence within the org to instill secure practices like patch management and employee awareness on what a phish looks like and how to detect them.”

I hope these companies are listening, because you can bet the next cybercriminal looking to hack their system is.

IBM Films Presents: Hacked! the Movie

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…