Reply to post: Re: So?

Premera healthcare: US govt security audit gave hacked biz thumbs up

Mark 85 Silver badge

Re: So?

I can't speak for all locations, all insurance companies, etc. Only for what I've seen with my own eyes.

The word goes out when the auditors are coming. There'll be a mad dash in the customer service and claims areas to hide paper.. privacy screens come out from under the desks.... the day after the auditors leave, the privacy screens go back under the desk, and paper suddenly reappears magically.

In IT, they don't ever look at the servers via screens or examine the admin logs. They look at a logbook or a paper print-out of a log.

I really believe there's more break-ins coming and we'll have more discussions along this line.... I wouldn't be surprised if the break-ins are already underway and the companies just don't know it.

Hell, we have 5,000 employees and per the CIO, we have almost as many servers: mainframes, web-facing, departmental, test, etc. It's a no-win job trying to secure them all and even harder if there's any turnover in personnel. They discovered 20 servers last year that hadn't been used in 5 years or updated, but there they sat... connected to the network and happily idling. Overlooked, never used for much, and never audited because the sysadmin who set them up was made redundant before he got the paperwork done on their being launched.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon