Will the bad news every stop making the headlines? Evidence now indicates that hackers with connections to China were responsible for the recent data breaches at United Airlines, Office of Personnel Management (OPM), and health insurer Anthem. In addition, on July 31, the University of Connecticut (UConn) announced that their engineering school servers were hit by a cyberattack originating from China.
United Airlines, the second-largest airline in the world detected a cyberattack into its computer systems in May of this year after being warned by the FBI and federal investigators. Some of the stolen information includes flight manifests which include names, birthday and travel information. United is one of the biggest contractors with the United States government among airlines and is a gold mine for data on the travel of government officials, military personnel and contractors.
As this was not enough already, on July 31 another headline about a cyberattack of an unclassified email system in the Pentagon. The attack, affected the unclassified email network of 4,000 military and civilian personnel working for the Joint Chiefs of Staff.
“This is a key moment in our Nation’s history,” said United States Chief Information Officer Tony Scott in his blog post. “As the number of threats continues to increase, affecting both the public and private sector, we must take aggressive and decisive steps to protect our networks and information. Our economy, and the credibility and viability of our most cherished and valuable institutions depend on a strong foundation of trust and the protection of critical assets and information.”
The question now is how do we defend against the threats? How do we close this “threat gap” that has been causing all of these data breaches?
A data centric approach is the only way to protect against these threats and provide persistent data security for these organizations. Without this kind of continuous control of your data, they are extremely vulnerable and could be in grave danger of providing hackers with the necessary information to sell, use or provide sensitive information to the wrong people. As legislation and regulations are being put forward, it is important to be ahead of the game. With data-centric security which includes, strong encryption and permission control, none of these recent data breaches would have hit the headlines in a negative way. Instead, these organizations would have been commended for their proactive thinking prior to these attacks.
Photo credit by: Lars Steffens