Post-OPM Breach: Closing Today's Federal Security Gaps

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Next Post-OPM Breach: Closing Today's Federal Security Gaps-4 Next

Close Response Time Gap and Maintain Transparency

Reports say the attack was discovered in April yet was not disclosed until May, raising the question, "Why did the news take so long to come out?" This is crucial because had victims been alerted earlier, they could have taken measures sooner to protect themselves from identity theft, fraud, and other damaging effects commonly associated with data breaches.

Again, because hackers obtained information beyond standard PII, they have become privy to a rich fabric of information about the families and friends of current and former government staff. The more worrisome reality is that they now have access to such a deep profile that the potential for blackmail — something that we have yet to see receive attention related to breaches and hacks — significantly increases. While best practices exist that victims can take to protect themselves, these individuals will forever need to be on high alert for potential fraud.

Early in June it was reported that the Office of Personnel Management (OPM), a civilian-run government agency, experienced a data breach of its computer systems, giving suspected Chinese state-sponsored hackers access to up to four million records of former and current federal employees. The hack was so extensive that the retrieved information stemmed as far back as 1985. However, new reports show that the attack could be more than four times more devastating than initially estimated, and the number of people impacted could increase. In fact, the tally of those affected is now being revealed as the OPM sends out notices to people who are potentially impacted. Even more unnerving is that a 2014 audit uncovered security inadequacies within the OPM system, yet they were not reported until several months after detection.

Unlike previous major cyber attacks we have seen over the last year, the exposed data was not just limited to PII (Personally Identifiable Information) such as Social Security numbers, birthdates, and bank information. During this breach hackers accessed highly confidential employee background checks, containing information on their friends, family and past employment. Even private details such as mental illness treatments, lie detector test results, bankruptcy filings, and run-ins with the law were retrieved. At this point, according to Yo Delmar, vice president, GRC Solutions, MetricStream, we are unaware of the full impact of this breach; but if history is any indicator, it's highly likely that those responsible for the hack may already be using the stolen information in malicious, and highly illegal, ways.

Following the massive breach, what we must now focus on is what can be done at the federal level to prevent such devastating reoccurrences. According to Delmar, there are several steps that need to be taken in order to address today's security gaps in government. These include: fully understanding the details of the NIST's Cyber Security Framework (CSF) and actively putting practices into action; developing and implementing a remediation plan to ensure security standards are being met; closing the gap in response time and maintaining transparency throughout with key stakeholders; recognizing the auditor's evolved role in cybersecurity; and understanding where federal security investments should be headed.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

IT security careers The Most In-Demand Security Jobs and How to Get Them

Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.