Every time we look to the news we find at least one data breach incident, some more minor than others. However, at that time it was businesses in retail, finance or in healthcare. Now we look to the news and we discover that more and more data breaches are focused on the government. From third party contractors that deal with government to household names such as the Internal Revenue Service, The White House, and most recently the Office of Personnel Management (OPM).
Initially, last year the OPM reported that about 4 million government employees had their personal data compromised. However, now records reveal that a possible 18 million people, possibly more have had their information compromised. This is now one of the largest data breaches in US history.
We’ve come to realize that much like other businesses the data in these government data breaches are not encrypted. The hackers are having a no problem going after the information and selling it out on the black market. The continuing focus on protecting the perimeter is no hopeless against those who are already inside or if somehow the hackers get in.
What have we always preached from day one?
Protect the data itself.
Is it time to move on from a perimeter-centric approach and start to use a data-centric security model such as digital rights management to encrypt their data? In this case, it is clearly a necessary shift for the government. There should be no more talk about we need better security, it is now time to act upon this talk, pass the reforms that are needed for cyber security and require data to be encrypted. As some states are already taking these steps, the federal government needs to do the same to close the gap against these threats.
Every organization including the government needs to refocus on what they will do to protect their most valuable data and what is already out there to protect their data. From start to finish, a complete data security framework needs to be implemented to not only protect your data but be able to have structured data and also be able to determine the risks that you have after you have protected your data against insiders.
Photo Credit: NCinDC