Anthem, Sony, and China: Here’s What We’ve Learned About Cyber-Attacks

Computer Hackers Meet For Annual CongressCyber-security was a major theme in both the president’s State of the Union Address and the Republican rebuttal. There’s a reason both sides made mention of the risk that hackers and cyber-espionage presents: It’s increasingly becoming a big concern. There has been serious evidence in just the past year or so that’s demonstrated just how much of a security threat cyber-attacks present; the kind of leverage and information that can be gained through these attacks can have a real-world effect on everything from the economy and diplomatic relations, to business security and personal privacy.

Each security breach has come with its own lesson. Sometimes the lesson is merely in how cyber-attacks can manipulate conditions in the country, sometimes it’s in how to handle security breaches better, and sometimes it helps to outline a trend that is of concern. Either way, it’s worth considering what changes or warnings we’ve gathered recently that will better help shape the future of technological safety.

Anthem, China, and Community Health Systems Inc.

The U.S.’s second-largest health insurance company, Anthem Inc., has been the latest and most public company to be hacked, with news that data including social security numbers, home addresses, medical IDs, and much more, may have been taken from as many as 80 million individuals.

We are still investigating to determine how many were impacted. At this point we believe it was tens of millions,” said Anthem Spokesperson Cindy Wakefield to USA Today. Looking at news headlines, one might think that the company has a PR nightmare on its hands — and indeed it does. But it’s worth noting that this publicity nightmare is one that the company could have put off — something other companies have done in the past. Legally, Anthem would have been within its rights to wait a full 60 days before making the disclosure. Instead, it quickly announced the security breach.

Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind,” said President and CEO of Anthem, Joseph Swedish. Anthem was also unusually quick to realize a hacker had broken into the system — something not all companies can claim.Response time and discovery are also important. The hacking of Community Health Systems Inc. was somewhat comparable in size to Anthem’s, while malware infiltration of a small section of Kaiser Permanente — a health plan and research group — had a relatively small population affected (5,100 people). However the malware was in place for more than two-and-a-half years before it was noticed.

So from Anthem’s case, a few things can be said. The larger the company, the more resources are available to help protect their data, as well as properly and succinctly respond to crime. But larger companies are more of a target, and health-related companies are particularly attractive to hackers because of their information. It’s for that same reason banks like J.P. Morgan were hacked — for financial data on people, and Home Depot and Target are both large companies with massive data loads on customer credit cards and accounts.

David Damato, owner of the cyber-security company Mandiant, which Anthem has hired, told the Wall Street Journal that health insurance companies are increasingly seeing these kinds of attacks. There’s an interesting trend in terms of the nationality of the attackers in many of these cases. The FBI reports that it so far believes the Anthem attack to be Chinese in origin. Community Health Systems Inc., which had a data breach affecting the information of some 4.5 million individuals, was thought to be committed by Chinese hackers.National security and business risk

Around the time U.S. Cyber Command was created, McAfee did a survey of cyber security experts around the world. One of the questions they asked of them was, ‘Who do you fear most in cyberspace?’ The answer for the Americans was the Chinese,” said former NSA and CIA Director Michael Hayden in an interview with Spiegel. In May, five members of Chinese military were accused of cyber-espionage against American companies, specifically energy and manufacturing companies, as well as technology companies.

Information was stolen including intellectual property, business plans, and blueprints that could make other companies more competitive by cutting research and development costs. All of this incredibly important information amounts to an economic attack, something somewhat different than what’s likely going on with Anthem. However information breaches and customer data loss does have an effect on companies, and the accessibility of this data does not bode well for national security, in particular, economically.

Military security is important, but there is also a great deal of resources put toward funding and researching cyber-security in that area of the federal government, while companies have other concerns to balance alongside their data protection. Not that national security hasn’t had its breaches as well, like the communication of foreign diplomats that were leaked. However there’s a close tie between national security and economic safety.

If businesses are attacked by foreign infiltration in a way that could be detrimental to companies’ success, it takes a toll on the economy in general, and the economy is inextricably tied to the stability and functionality of the entire nation. Nothing exists in a vacuum, as they say. One example where the two ideas cross the line back and forth is the recent, highly public hacking of Sony’s private correspondences and employee information.

The hacking was done in response to the film The Interview, which criticizes North Korea, and came alongside threats of 9/11-type attacks if the film were to be released. Sony did not end up releasing the film in major theaters, and many theaters would not have allowed it had Sony chosen to do so. Ultimately, it was something of a business loss — though the hype and sale to various streaming sites and smaller theaters probably helped a great deal with that — but it was a freedom of speech limitation imposed on business and America. The threat may not have been as effective without the physical threat, but the cyber attack itself likely held enough risk to discourage the company from releasing the film.

More Politics Cheat Sheet:

Follow Anthea Mitchell on Twitter @AntheaWSCS

Check out Politics Cheat Sheet on Facebook