Incredibly, it seems that corporate data breaches have become so common that, unless salacious information is made public by hackers (as it was after the Sony breach), the media and public are becoming numb to news of new attacks. The hacked brands are severely impacted, but a large section of the population seems to be suffering from data breach fatigue.
When news broke recently that the Chinese government had breached the Office of Personnel Management’s (OPM) servers, however, the media and public once again took notice. The recent Chinese hack—in which as many as 14 million current and former federal workers may have had their personal information stolen—is the latest in a string of government breaches that included the White House’s and State Department’s e-mail systems.
The OPM breach is especially troubling for several reasons, one more frightening than the next:
- The OPM maintains the results of polygraph tests given to federal employees; these test results, which are administered to uncover any sensitive information that could be used to blackmail these employees, are now in the Chinese government’s hands.
- Among the millions of employees whose personal information and polygraph results are housed in the OPM’s system are thousands of individuals working on high-security weapons projects.
- The data also included SF-86 questionnaires, a digital form that all federal employees must fill out to get security clearance; these forms ask employees to reveal extremely personal information such as gambling debts or substance abuse problems.
In cases like the OPM hack, data loss prevention services that enable information security professionals to monitor how data is being used in both on-premises and cloud environments to prevent leaks and breaches may be integral to thwarting future attacks. In scenarios where enterprise security operations centers (SOCs) are being overwhelmed by thousands of daily attacks, a security incident response platform can help ensure no alert is ever left behind.
For organizations concerned about their own security in the wake of the OPM breach, however, examining specific solutions is not as important as gathering company stakeholders—and perhaps even expert cybersecurity consultants—and conducting a high-level review of all organizational processes and use cases. After that evaluation is complete, the enterprise can begin taking specific steps toward improving its security.