It has been reported that the US Government Office of Personnel Management hack was much larger than previously thought – that every federal employee’s Social Security number, along with other personnel records data (all unencrypted), has been breached.
Following this news, Lane Thames, security researcher at Tripwire, gives insights into the breach, including why the federal government is an attractive target, legal issues, and how to reduce the attack surface:
“Organizations that collect and retain data, especially data constituting personally identifiable information (PII), are prime targets for hackers, and the federal government is no exception. According to a database maintained by the Privacy Rights Clearinghouse, 27 breaches were reported by various government entities in 2014.
Many organizations discover that breaches are more extensive than they originally thought, and I believe the reason for this is breach laws. Organizations have a finite amount of time to disclose the details of a data breach to their various stakeholders, and organizations often communicate based on preliminary forensic analysis. The data forensics required to gain an in-depth understanding of a data breach is often lengthy. Organizations are doing their best to estimate breach damages but, as we can see, these estimates can be far from reality.
There are a few questions that organizations can ask themselves to better prepare for cyber-attacks:
(1) What should my organization do when its cyber-resources have been successfully attacked?
(2) How can we reduce our attack surface in order to minimize the number of successful attacks against the organization?
(3) How can we minimize the amount of time between a successful attack and our discovery thereof?
The first question assumes that organizations understand that being successfully attacked is not a question of ‘if’ but ‘when’, so that they are thinking about how to respond, because the lack of an appropriate response can be just as damaging as the cyber-attack itself. The second question revolves around ‘continuous process improvement.’ To reduce attack surfaces, organizations must continuously work towards improving the security of their infrastructure — security is never a one-time thing. Finally, organizations need to employ appropriate tools for monitoring their entire infrastructure — without appropriate monitoring tools, organizations will face significant blind spots when trying to respond to successful attacks.”