Week 7 Discussion (10)
In 2015, the largest health insurance company in the United States, Anthem Inc.,
suffered a huge data breach that put the information of 78 million clients at risk.
Internal auditors found the breach when they noticed a few irregularities while examining
the organization as part of their standard work. The attackers had obtained Anthem’s
penetrated the system in a malicious way (Keshta & Odeh, 2021). In particular, social
engineers exploited the company’s weak security measures and gained access to significant
Data Compromised
1. Names
2. Birthdates
4. Addresses
5. Phone numbers
6. Email addresses
7. Employment information
8. Income data
Comprehensive MFA for all employees, and especially those who handle sensitive
data, can go a long way toward minimizing the threat of credential stuffing. MFA
involves verifying the user’s identity through two or more factors, which makes it hard
for the wrong person to gain access to a given resource (Keshta & Odeh, 2021). For
example, a user name and password combined with an additional factor based on unique biometric
features like a fingerprint or facial recognition would act as a strong barrier that would ensure
Security awareness training is an effective measure that a firm can conduct for its
employees, giving them an understanding of what phishing involves and how to avoid it.
Employees should be taught to read emails with a degree of suspicion and not to click
on unknown links or download attachments from strangers (Keshta & Odeh, 2021).
Sharing new information about current trends in phishing attack methodology can
help make employees more aware of such tactics and thus more effective in protecting
against them.
Network Segmentation
This may include network segmentation, which limits an attacker's access to other
parts of the network in the event of a breach. Isolate critical systems and sensitive data from the rest
of the network and restrict access on a least-privilege basis. This means that all employees'
Consequently, if a specific account is compromised, it won't directly affect the entire
system.
EDR solutions detect and respond to threats in real time. EDR tools monitor
endpoints for suspicious activity and react automatically to a potential breach before it does
significant damage. Such solutions can, therefore, recognize behavior patterns that might
This can be achieved through regular security reviews and penetration testing, which
uncover the inherent weaknesses in the system. These proactive measures will ensure
that the controls are effective and up to date. Independent security firms may conduct
external audits that provide an unbiased assessment of the security posture of any given
organization.
Data Encryption
Sensitive data can be protected from unauthorized access both in transit and at rest.
Even if attackers have breached the network, the encrypted data will not be readable without
the decryption keys (Keshta & Odeh, 2021). High encryption standards must be implemented
Reference
Keshta, I., & Odeh, A. (2021). Security and privacy of electronic health records: Concerns
https://doi.org/10.1016/j.eij.2020.07.003