IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
Analysis

Enterprise post-breach mantra must be 'how' not 'who'

Hack me once, shame on you! Hack me twice, shame on me!

A processor with a red cloud broken in two with a word beneath: 'BREACH!'

There should be no doubting that the fact the US Office of Personnel Management (OPM) has been subject to a breach of quite dramatic proportions. The reports that details of up to four million past and present government employees have been compromised is big news.

The OPM is the agency responsible for both the screening and the hiring of the vast majority, and we are talking something in the region of 90 per cent, of federal government staff. This includes the approval of security clearance. Once you realise that, the importance of the news is frankly a given. 

That this is the second serious breach within the same department in less than the space of a year makes the story even bigger. So why is the world's media, including most of the specialist security and tech press as far as I can see, obsessing over the wrong headline?

Everywhere I look, I see stories covering the attribution angle. The who and not the how. Everyone, it would appear, is salivating over the 'spy movie in the making' notion that the Chinese were behind this 'Nation State Sponsored' attack.

This could, of course, well be the case. The who is ultimately part of the story. What it isn't, at least from the enterprise security perspective, is the most important part of it. If business is to learn from breaches such as this, and business must because the same techniques and exploits will almost inevitably filter down the threat food chain and strike eventually, it must focus on how the perpetrators managed to do what they did and stop them from being able to repeat it.

Attribution is nothing but a distraction at this stage in the game, and one that We The Media seem to have an unhealthy, and certainly unhelpful, obsession with.

For one thing, almost always and at the very least almost always for the longest time, attribution for such attacks is difficult in the extreme to establish successfully. The same is true whether we are talking about nation states or hacktivist collectives, there will always be speculation, finger pointing and kudos collecting.

What there will be precious little of is proof beyond reasonable doubt. In the absence of which, you have to ask yourself why bother expending so much energy when that energy could be so much better spent looking at what went wrong and how to prevent it going wrong again.

Reports are suggesting, for example, that at least some of the data at the centre of the OPM breach was apparently unencrypted. There's important lesson number one right there. At least make the prize as unattractive as possible if the bad guys manage to navigate through the defences to get at it rather than handing it to them on a plate.

Not that encryption is the key, if you will pardon the pun, but it does add another layer of difficulty into the mix. A determined attacker could always steal the keys as well the database, or engineer authorised access to grab the unencrypted data for example. It has to be seen as part of a solution. All too often, unfortunately, encryption is seen as part of a problem and therefore isn't implemented in any form. Big mistake!

Now that the initial hysteria has started to die down, we can get back on track and start looking at that how rather than the who. Hopefully, by so doing, we can learn what vulnerabilities were exploited and where the attack surface was weakened.

Hopefully, if your organisation is subject to a breach you will get straight to the nitty gritty of how it happened and once you've worked that out, and secured the defences, then and only then start pointing the finger of blame...

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

Biden sets June deadline for $42 billion broadband funding outline
Network & Internet

Biden sets June deadline for $42 billion broadband funding outline

11 Nov 2022
FCC eyes formal ban of all Huawei, ZTE equipment sales
Policy & legislation

FCC eyes formal ban of all Huawei, ZTE equipment sales

14 Oct 2022
White House proposes fresh Bill of Rights to limit AI threats
artificial intelligence (AI)

White House proposes fresh Bill of Rights to limit AI threats

5 Oct 2022
Draft bill could force AWS, Microsoft, Oracle to change public sector contracts
public cloud

Draft bill could force AWS, Microsoft, Oracle to change public sector contracts

12 Sep 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Salesforce co-CEO Bret Taylor resigns with cryptic parting message
Business operations

Salesforce co-CEO Bret Taylor resigns with cryptic parting message

1 Dec 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022