Estimated read time: 3-4 minutes
This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
SALT LAKE CITY — From Anthem Healthcare to big retailers like Target and Home Depot, it seems hackers just won’t quit stealing information from companies and their customers.
As a result, tens of thousands of people are keeping a close eye on their credit and accounts. So are Utah government officials, who say their databases are constantly attacked.
“We’ve seen spikes on some days that have gone as high as 300 million,” said Utah Public Safety Commissioner Keith Squires.
Imagine, Squires said, the assault on private industry.
“The method of attacks is always changing, and so, they have to adjust,” he said.
Businesses of all sizes are enlisting security firms, who in turn hire hackers.
“They’re typically individuals that have curiosity. So, they’re trying to see how things are working, how the internet works,” said Todd Neilson, principle and CTO at cybersecurity firm Secuvant.
“They come up with new and innovative ways to use those things.”
Neilson said not all hackers are criminals. They’re known as “white hat hackers.”
But some really are malevolent spies, also known as “black hat hackers.”
“Those individuals that become or pose as legitimate security professionals that come in and do damage,” said Neilson.
So Neilson limits all of his “white hat” hackers’ access under the principle of “least privilege.”
“You only get enough to do your job, no more, no less,” he said. “If you’re a database administrator, you shouldn’t have access to the routers.”
Neilson tells his clients to do the same with their customers.
“Enabling security reduces the ability to use the system,” he said. “If you make it available for your users to use, your security goes down. It’s a scale on either side.”
Businesses also are buying cybersecurity insurance in record numbers, motivated by large-scale hacks of big retailers. But it might not protect everyone.
“Cyber risk insurance is a little bit like the Wild West,” said Diversified Insurance Group President and CEO Spence Hoole.
“There’s not a lot of standardization. If you were to lay 10 cyber risk policies side by side, you’d find varying degrees of strengths and weaknesses,” Hoole said.
Cybersecurity insurance can cover the costs of notification, credit monitoring, and lawsuits. Plans can cost from a few hundred dollars to millions of dollars annually.
They also protect “either the individuals whose private information has been hacked, or banks or other groups that are coming to them, saying, ‘Hey, you’ve caused a loss for me and I’ve got to reissue a bunch of credit cards,’” Hoole said.
“Whatever protections and controls their own network has, Anthem probably had better controls and protections,” Hoole added. “If they can be hacked, then probably anybody can be hacked.”
This week, the White House announced the creation of the Cyber Threat Intelligence Integration Center to monitor potential hacks and their victims.
It will pool information from various federal, state and local law enforcement agencies.
