Airlines and Schools, Data Breaches Are Going from Bad to Worse in 2015!

Will the bad news ever stop making the headlines? Evidence now indicates that hackers with connections to China were responsible for the recent data breaches at United Airlines, the Office of Personnel Management (OPM), and health insurer Anthem. In addition, on July 31, the University of Connecticut (UConn) announced that its engineering school servers were hit by a cyberattack originating from China.

United Airlines, the second-largest airline in the world, detected a cyberattack on its computer systems in May of this year after being warned by the FBI and federal investigators. Some of the stolen information includes flight manifests, which contain names, birthdays and travel information. Among airlines, United is one of the biggest contractors with the United States government and is a gold mine for data on the travel of government officials, military personnel and contractors.

As if this were not enough already, on July 31 another headline appeared about a cyberattack on an unclassified email system at the Pentagon. The attack affected the unclassified email network of 4,000 military and civilian personnel working for the Joint Chiefs of Staff.

“This is a key moment in our Nation’s history,” said United States Chief Information Officer Tony Scott in his blog post. “As the number of threats continues to increase, affecting both the public and private sector, we must take aggressive and decisive steps to protect our networks and information. Our economy, and the credibility and viability of our most cherished and valuable institutions depend on a strong foundation of trust and the protection of critical assets and information.”

The question now is how do we defend against the threats? How do we close this “threat gap” that has been causing all of these data breaches?

A data-centric approach is the only way to protect against these threats and provide persistent data security for these organizations. Without this kind of continuous control of their data, they are extremely vulnerable and could be in grave danger of giving hackers sensitive information to sell, use or pass on to the wrong people. As legislation and regulations are being put forward, it is important to be ahead of the game. With data-centric security, which includes strong encryption and permission control, none of these recent data breaches would have hit the headlines in a negative way. Instead, these organizations would have been commended for their proactive thinking prior to these attacks.

Photo credit by: Lars Steffens

How Worried Should We Be about the Hacks on the Government?

Every time we look to the news we find at least one data breach incident, some more minor than others. In the past, however, it was businesses in retail, finance or healthcare. Now we look to the news and discover that more and more data breaches are focused on the government, from third-party contractors that deal with the government to household names such as the Internal Revenue Service, the White House, and most recently the Office of Personnel Management (OPM).

Initially, last year the OPM reported that about 4 million government employees had their personal data compromised. However, records now reveal that a possible 18 million people, possibly more, have had their information compromised. This is now one of the largest data breaches in US history.

We’ve come to realize that, much like at other businesses, the data in these government data breaches is not encrypted. The hackers are having no problem going after the information and selling it on the black market. The continuing focus on protecting the perimeter is now hopeless against those who are already inside, or once hackers somehow get in.

What have we always preached from day one?

Protect the data itself.

Is it time to move on from a perimeter-centric approach and start to use a data-centric security model, such as digital rights management, to encrypt data? In this case, it is clearly a necessary shift for the government. There should be no more talk about needing better security; it is now time to act upon this talk, pass the reforms that are needed for cyber security and require data to be encrypted. As some states are already taking these steps, the federal government needs to do the same to close the gap against these threats.

Every organization, including the government, needs to refocus on what it will do to protect its most valuable data and on what is already available to protect that data. From start to finish, a complete data security framework needs to be implemented, not only to protect your data but also to structure it and to determine the risks that remain after you have protected your data against insiders.

Photo Credit: NCinDC
