Cybersecurity issue goes beyond the Anthem headlines

While the security breach affecting as many as 80 million Anthem Inc. customers generates big headlines because of its size, it's the smaller-scale attacks that concern Purdue University cybersecurity expert Eugene Spafford.

"In 2013, U.S. federal agents notified more than 3,000 businesses that someone had hacked their computer systems," Spafford said, citing national news stories published in March. "The concern we should have is not only the high-profile cases like this that are discovered and announced. It's the ones that aren't discovered and reported. Too many organizations believe that it can't happen to them, and they continually apply patches."

Spafford, the executive director of Purdue's Center for Education and Research in Information Assurance and Security, says in the case of Anthem and others, the costs and dangers are hidden.

"The personal information they listed can represent a problem for people for years to come," he said. "That's information that can be used for identity theft, extortion and to gain people's trust. So, it really is a big problem, even if medical or credit card information is not given out. The company providing a year or two of credit monitoring won't fix that."

Spafford, a Purdue faculty member since 1987, is one of the most recognized leaders in the information security field, having served as an adviser or consultant for major companies, law enforcement, academic and government agencies. He has served in roles with two U.S. presidents, and worked with the U.S. departments of Justice and Energy, the U.S. Air Force, National Security Agency, and Federal Bureau of Investigation. He has testified before Congress many times on cybersecurity.