I chose this article because I thought it was an interesting takeaway from the Anthem breach of 2015. The first point really caught my attention because one would think communication is key in a breach. Anthem reached out to all its customers as soon as it was aware of the breach to inform them and try to instill some form of comfort; however, this backfired. The scammers took advantage of this and sent fake emails with the same theme and tone to obtain even more sensitive PII from customers. I found this particularly concerning because it seems to be a bit of a double-edged sword. At that time, that was best practice, but it ended up expanding the breadth of the breach. This puts a company in a tough position, so I was wondering what alternative approaches there might be.
The article also brought up what some of us have been discussing over the past two weeks, citing consumers (the breach victims) as “their own worst enemy.” Many consumers just blindly visit websites and accept offers without viewing privacy policies, or even second-guessing the validity of either of the two. They expose themselves to this sort of risk far too often, which ultimately compromises the integrity of the security of the businesses they interact with. The full report that this article discusses is also linked at the bottom of the page.