According to federal officials, the breach of the Office of Personnel Management (OPM) is one of the largest breaches of government data in the history of the United States. The data breach exposed personally identifiable information (PII) such as Social Security numbers, names, addresses, and dates of birth of four million current and former federal employees.
Well, that’s massive!
OPM manages the security-clearance process for federal agencies. During that process every applicant has to furnish extensive personal information, which is stored and kept in the same systems that were breached. So this attack has undoubtedly raised the eyebrows of every federal worker whose data was stolen.
Nor is this new. Last month, cyber criminals reportedly hacked into a White House computer system holding the personal information of thousands of Americans, and we have seen several large corporate data breaches, such as Target and Home Depot.
So, how can OPM or similar data breaches be avoided? What kind of security strategy would have nullified such attacks? Let’s take a look at the possibilities.
How OPM Breach Could Have Been Avoided
One of the biggest reasons this breach grew as large as it did is the delay in detecting the attack. The damage could have been contained, if not avoided outright, had the federal government taken a more comprehensive approach to incident detection and recovery.
“Effective security these days means detecting these threat actors as they operate and before they exfiltrate data. You can’t win all the battles but all of these headlines suggest that we are still on the losing side.” said Tim Keanini, Chief Technology Officer, Lancope.
According to Keanini, the best way to protect sensitive data from such threats is to first categorize and isolate the information that needs protecting, put additional controls around it, and closely log and monitor every access to it.
Organizations also need to collect telemetry from the network and its hosts (flow records, authentication and database access logs, endpoint events) so that intruders have nowhere to hide. Identify blind spots on the network quickly and close them in a way that an evicted attacker cannot simply return through.
“Adversaries behind these targeted, coordinated campaigns are patient, sometimes taking weeks and months to achieve their goal. Their persistence requires the ability to remain hidden inside the network. We, as an industry, can’t allow them free rein. In the OPM attack, a US official said the network was hacked last year but not discovered until April. We as an industry must shift our energies towards finding the compromised devices on a network early so that we don’t become accustomed to breaches hitting the ‘millions of records’ mark before they are detected.” said Stephen Newman, Vice President, Damballa.
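What "closely log and monitor access" to an isolated data store can look like in practice, and how the patient, low-and-slow reads Newman describes are caught, is shown by the following added example. It is not code from the original article or from Lancope or Damballa; the log format, the allow-lists, the business-hours window and the thresholds are assumptions chosen for illustration, and the log lines are constructed, not real OPM records.

```python
"""Rule-based monitoring of access to an isolated store of sensitive records.

Hypothetical example: log format, allow-lists and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, time

# Controls placed around the isolated data set (constructed for the example):
# who may read it, from which jump hosts, when, and how much at a time.
APPROVED_USERS = {"pii-db": {"analyst1", "analyst2"}}
JUMP_HOSTS = {"10.0.50.10", "10.0.50.11"}   # only hosts allowed into the enclave
BUSINESS_HOURS = (time(7, 0), time(19, 0))
BULK_THRESHOLD = 5_000          # records returned by a single read
CUMULATIVE_THRESHOLD = 15_000   # records per user across the whole window

# Constructed sample log lines: timestamp|user|source_ip|dataset|action|records
SAMPLE_LOG = """\
2015-04-01T09:12:03|analyst1|10.0.50.10|pii-db|read|120
2015-04-01T09:40:11|analyst2|10.0.50.11|pii-db|read|300
2015-04-01T23:05:47|svc_backup|10.0.77.4|pii-db|read|9000
2015-04-02T02:14:09|analyst2|10.0.50.11|pii-db|read|4500
2015-04-02T02:41:30|analyst2|10.0.50.11|pii-db|read|4800
2015-04-02T03:10:02|analyst2|10.0.50.11|pii-db|read|4900
2015-04-02T03:38:55|analyst2|10.0.50.11|pii-db|read|4700
2015-04-02T10:00:00|vendor_acme|10.0.50.10|pii-db|read|40
"""


def parse(line):
    """Turn one pipe-separated log line into a dict."""
    ts, user, src, dataset, action, count = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "user": user, "src": src,
            "dataset": dataset, "action": action, "count": int(count)}


def per_event_alerts(ev):
    """Rules that fire on a single access event."""
    alerts = []
    if ev["user"] not in APPROVED_USERS.get(ev["dataset"], set()):
        alerts.append(("unapproved_user", ev["user"], ev["ts"]))
    if ev["src"] not in JUMP_HOSTS:
        alerts.append(("unapproved_source", ev["src"], ev["ts"]))
    start, end = BUSINESS_HOURS
    if not (start <= ev["ts"].time() <= end):
        alerts.append(("off_hours", ev["user"], ev["ts"]))
    if ev["count"] >= BULK_THRESHOLD:
        alerts.append(("bulk_read", ev["user"], ev["ts"]))
    return alerts


def analyse(log_text):
    """Run the per-event rules, then the cumulative 'low and slow' rule."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    alerts = []
    totals = defaultdict(int)
    for ev in events:
        alerts.extend(per_event_alerts(ev))
        totals[ev["user"]] += ev["count"]
    # Each read stays under BULK_THRESHOLD, but the sum over the window does not:
    # this is the pattern a patient adversary relies on to stay below the radar.
    for user, total in totals.items():
        if total >= CUMULATIVE_THRESHOLD:
            alerts.append(("cumulative_volume", user, total))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

In the sample, `svc_backup` trips four rules at once (an unapproved account, from outside the jump hosts, at night, pulling a bulk set), which is the easy case. The more instructive one is `analyst2`: an approved user, on an approved host, whose individual reads all sit under the bulk threshold and would pass a per-event check; only the cumulative rule, plus the off-hours rule, exposes the pattern. The vendor account is caught purely by the access list, which is the "isolate and add controls" step doing its job.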
Privileged Access Management
The single most effective measure would be tighter control of privileged access, since privileged accounts are usually where attackers start digging once they are inside. A Privileged Access Management (PAM) tool helps security teams control, monitor, and manage access to critical systems.
Such a tool restricts full-access rights to a small set of named administrators, and keeps vendors and other users away from sensitive data they have no business reaching.
It also protects assets, applications, and high-value infrastructure from attack more efficiently: with PAM, you can see and control who is accessing your critical systems and what they are doing while connected, and every privileged session leaves an audit trail.
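To make the PAM controls described above concrete, here is an added example of a minimal privileged-access broker. It is not code from the original article and not any vendor's product API; the policy table, the target names, the `CHG-` ticket prefix and the users are assumptions made for illustration. The broker never hands out the real privileged credential: it issues a short-lived token tied to one user, one target and an approved ticket, caps the lease at the policy maximum, refuses vendors access to targets outside their scope, revokes expired tokens, and records every decision and command.

```python
"""A minimal privileged-access broker in the spirit of a PAM tool.

Hypothetical example: POLICY, targets, users and ticket format are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import secrets

# Who may check out which privileged target, and for how long at most.
# (Constructed policy for the example.)
POLICY = {
    "dba":      {"targets": {"pii-db"},           "max_minutes": 60},
    "sysadmin": {"targets": {"web-01", "web-02"}, "max_minutes": 120},
    "vendor":   {"targets": {"hvac-ctrl"},        "max_minutes": 30},
}


@dataclass
class Lease:
    user: str
    target: str
    ticket: str
    expires: datetime
    token: str
    commands: list = field(default_factory=list)   # session recording


class Broker:
    def __init__(self):
        self.leases = {}   # token -> Lease
        self.audit = []    # every decision, allowed or denied

    def _log(self, outcome, **detail):
        self.audit.append({"outcome": outcome, **detail})
        return outcome

    def checkout(self, user, role, target, ticket, minutes, now):
        """Issue a short-lived token instead of the real credential, or None."""
        rule = POLICY.get(role)
        if rule is None or target not in rule["targets"]:
            self._log("denied", user=user, target=target, reason="not in policy")
            return None
        if not ticket.startswith("CHG-"):   # approved change ticket required
            self._log("denied", user=user, target=target, reason="no approved ticket")
            return None
        minutes = min(minutes, rule["max_minutes"])   # cap the lease, never extend it
        token = secrets.token_hex(8)
        self.leases[token] = Lease(user, target, ticket,
                                   now + timedelta(minutes=minutes), token)
        self._log("allowed", user=user, target=target, ticket=ticket, minutes=minutes)
        return token

    def run(self, token, target, command, now):
        """Execute (here: record) a command through the broker."""
        lease = self.leases.get(token)
        if lease is None or lease.target != target:
            return self._log("denied", target=target, reason="no lease for target")
        if now > lease.expires:
            del self.leases[token]   # expired tokens are revoked, not reused
            return self._log("denied", user=lease.user, target=target,
                             reason="lease expired")
        lease.commands.append((now.isoformat(), command))
        return self._log("allowed", user=lease.user, target=target, command=command)


def demo():
    """Walk through the three cases a PAM control must handle."""
    b = Broker()
    t0 = datetime(2015, 4, 1, 9, 0)
    # A DBA with an approved ticket gets a 30-minute lease on the sensitive store.
    tok = b.checkout("alice", "dba", "pii-db", "CHG-1042", minutes=30, now=t0)
    first = b.run(tok, "pii-db", "SELECT count(*) FROM persons",
                  now=t0 + timedelta(minutes=5))
    # A vendor cannot reach the sensitive store at all, ticket or not.
    vendor_token = b.checkout("acme_tech", "vendor", "pii-db", "CHG-1043",
                              minutes=30, now=t0)
    # The lease dies on schedule, so a token stolen later is useless.
    after_expiry = b.run(tok, "pii-db", "SELECT * FROM persons",
                         now=t0 + timedelta(minutes=45))
    # A request for more time than policy allows is silently capped.
    b.checkout("bob", "sysadmin", "web-01", "CHG-1044", minutes=999, now=t0)
    return {"first": first, "vendor_token": vendor_token,
            "after_expiry": after_expiry, "audit": b.audit}


if __name__ == "__main__":
    for entry in demo()["audit"]:
        print(entry)
```

The audit list is the part a monitoring team would feed into the detection logic: a denied checkout for a target outside a role's scope, or a run attempted on an expired lease, is exactly the kind of early signal that shortens the months-long dwell time the OPM intrusion had.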
Had OPM implemented such controls, it would have been far better placed to spot the attacker's use of privileged credentials and stop the intrusion in its tracks.
The financial cost and potential impact of cyber-attacks are expected to keep rising. If you do not assess your security posture and make the necessary improvements today, you will remain vulnerable and increase your chances of becoming the next victim.
Has your organization implemented PAM yet? How are you securing your network from such attacks? Please let us know in the comments below.