Thoughts on the OPM Hacks

How many times does this have to happen?

Executives, officials and boards are paying close attention to cybersecurity, but fundamental changes need to happen fast. The urgency and outcry of public responses to news of hacks like OPM are resulting in resignations due to serious violations of personal safety and privacy. Even when events mirror or resemble cyber attacks (United Airlines, the NYSE and Wall Street Journal), the show completely stops, money and time is lost and people expect the worst.

Why now? Put simply, legacy data security approaches are broken and failing us every week, if not every day. We must change our collective approach to cybersecurity and reallocate the over $75 billion projected spend on cybersecurity in 2015 to solutions that fit and adapt to today’s realities. I suggest starting here:

  • Assume data will travel outside perimeters and firewalls. This is no longer the exception, but the norm.
  • Build security solutions compatible with cloud, mobile and web-based platforms and apps people active use (Dropbox, Box, Quip, Google Drive, Office 365, Slack, Email). People are creatures of habit, will inevitably chose the path of the least resistance and use what they want to use.
  • Wrap each piece of data with scalable and adjustable security, policies and encryption. Security must attach to the data itself, at the time the data is created and shared.
  • Introduce solutions that provide universal visibility and control for users and IT.

The impact of breaches like OPM go way beyond companies and employees. Hackers are jolting sensitive data about families, health and personal welfare and sending them through backchannels into a blackhole of vulnerability. We simply cannot assume that firewall defenses will withstand against an attack of any level and there is no excuse for storing personal information unencrypted when firewalls are regularly breached. We’re past due for a fundamental change that zeroes in on encrypting and protecting data at the file-level, especially when we have to assume data will fall into the wrong hands.

We’re here to make sure this doesn’t happen to you. Let us help you.

Written on July 10, 2015
by Robin Daniels
  • Security