Yet Another Major Government Breach and The Lessons We Should Learn
In the wake of one of the most severe breaches of US Government networks, are we going to continue believing that we're just a software patch away from data security? Are we going to continue to ignore simple yet proven strategies for protecting data? It’s time to face the data and facts (aka reality) and act accordingly to protect our organizations and nation from attack.
Once again, and this time at an unprecedented scale, major US government and potentially private networks have been compromised. This is just one more, albeit major, breach in the continual stream of breach events that form our daily news cycle. It is clear that despite billions spent on defenses, no network is safe. Not only do networks get breached, but breaches go undetected for months. It is critical that organizations embrace a strategy of assumed breach and adopt data concealment as a central tenant of that strategy. Studies show that the success of an attack is highly sensitive to the number of steps the attacker needs to go through to reach his target. It’s past time to make life difficult for the cybercriminal.
A major obstacle to implementing effective data concealment is email. Of the many high-value targets in the organization, few are as widespread and vulnerable as email. Unsurprisingly, emails were a primary target in the recent attacks on government agencies. Email is a treasure trove of valuable and sensitive data that is at once pervasive and completely unprotected. A breached email system, archive, or inbox offers no resistance. Every message and any files attached to those messages are fully available to the thief. Given that email is where so much of our work gets done and files are exchanged, it is paramount that we look for new data security around this ubiquitous communications paradigm.
The good news is that organizations can significantly mitigate theft of data due to email by stopping the use of 50-year-old email attachment technology and adopting modern file sharing (aka, cloud storage). Unlike email attachments, cloud storage file links don’t put the file in the email, rather only a secure URL that is protected by additional authentication. In other words, the data is concealed, no longer exposed to email system or inbox breach.
Even better news is technologies exist to automate the replacement of attachments with secure cloud storage links. The automation these technologies provide ensures the security benefits without burdening users with extra work.
The digitization of the enterprise brings both unprecedented advantages in terms of agility and efficiency but also new risks. When those risks are borne by government agencies of the likes of the Pentagon, Homeland Security, and Treasury it is a risk to us all. Our adversaries are determined and have proven, time over time, capable of getting through our most elaborate defenses. The recent breach dominating the news is a reminder that we can no longer harbor hopes or illusions that we are impenetrable. By accepting the fact that the enemy will always find a way in, we can better prepare and ensure that they are denied what they are looking for.