Office of Personnel Management Scrambling After Security Breach
The negative impacts of security breaches are serious and wide-ranging. But with the proper precautions, your systems will be able to predict breaches before they even occur.
Earlier this year, the Office of Personnel Management (OPM) expressed confidence that their systems were unbreachable, but this false sense of security was shattered in June when they fell victim to a crippling cyber attack.
According to the Wall Street Journal, OPM had to shut down a website that facilitated electronic submissions of background investigations, refusing to accept new applications for over a month. Why the drastic measure? They had discovered a “vulnerability” called eQIP in the existing background investigation system.
On June 4, OPM announced that hackers had broken into its “secure network.” Although the number of stolen records remains unconfirmed, Director Katherine Archuleta disclosed that hackers gained access to the personnel records of 4.2 million government employees. In addition, she estimated that up to 18 million Social Security numbers may have been compromised by the attack.
But the negative ramifications weren’t just limited to leaked information and the costs associated with the site’s downtime; the breach led to a lot of bad press for OPM, damaging the department’s reputation in the eyes of the nation’s citizens. So where exactly did a supposedly secure government agency go wrong?
As soon as a security breach occurs, an organization must quickly determine whether there are any conditions still in place that leave them vulnerable to further attack. While OPM was able to scramble and quickly identify eQIP as a “vulnerability,” these kinds of reactive security measures don’t really make them any safer going forward.
Another article from the Wall Street Journal reported that Einstein, the security system in place at most government agencies (including OPM), had proven ill-equipped for the task at hand in the months leading up to the attack, mainly due to the fact that it was not designed to stop previously unknown malware from entering its system.
And although Einstein helped detect the spyware responsible for the OPM breach relatively quickly, it ultimately did nothing to prevent the records from being stolen.
According to the Guardian, Senate Intelligence Committee chairman Richard Burr has insisted that the government overhaul its cybersecurity defences to avoid more of the same from happening again. “Our response to these attacks can no longer simply be notifying people after their personal information has been stolen,” Burr said. “We must start to prevent these breaches in the first place.”
That’s all well and good, but who’s to say that the U.S. government can do anything differently the next time around? It might be time to look for outside assistance.
A security breach obviously demands a long, hard look at your current security infrastructure, but it’s also probably a good idea to take a moment to assess all of your best practices across the entire infrastructure. Are your virtual systems properly managed and implemented? Have you properly planned and prepared for potential spikes in demand in order to maintain adequate response times and throughput requirements?
TeamQuest offers a variety of ITSO solutions along with powerful, predictive and analytic tools that help you expect the unexpected. Because in the aftermath of an embarrassing hack or system breach, you can’t afford another type of disaster and the bad press that inevitably follows.
(Main image credit: Eneas De Troya/flickr)