There should be no doubting that the fact the US Office of Personnel Management (OPM) has been subject to a breach of quite dramatic proportions. The reports that details of up to four million past and present government employees have been compromised is big news.
The OPM is the agency responsible for both the screening and the hiring of the vast majority, and we are talking something in the region of 90 per cent, of federal government staff. This includes the approval of security clearance. Once you realise that, the importance of the news is frankly a given.
That this is the second serious breach within the same department in less than the space of a year makes the story even bigger. So why is the world's media, including most of the specialist security and tech press as far as I can see, obsessing over the wrong headline?
Everywhere I look, I see stories covering the attribution angle. The who and not the how. Everyone, it would appear, is salivating over the 'spy movie in the making' notion that the Chinese were behind this 'Nation State Sponsored' attack.
This could, of course, well be the case. The who is ultimately part of the story. What it isn't, at least from the enterprise security perspective, is the most important part of it. If business is to learn from breaches such as this, and business must because the same techniques and exploits will almost inevitably filter down the threat food chain and strike eventually, it must focus on how the perpetrators managed to do what they did and stop them from being able to repeat it.
Attribution is nothing but a distraction at this stage in the game, and one that We The Media seem to have an unhealthy, and certainly unhelpful, obsession with.
For one thing, almost always and at the very least almost always for the longest time, attribution for such attacks is difficult in the extreme to establish successfully. The same is true whether we are talking about nation states or hacktivist collectives, there will always be speculation, finger pointing and kudos collecting.
What there will be precious little of is proof beyond reasonable doubt. In the absence of which, you have to ask yourself why bother expending so much energy when that energy could be so much better spent looking at what went wrong and how to prevent it going wrong again.
Reports are suggesting, for example, that at least some of the data at the centre of the OPM breach was apparently unencrypted. There's important lesson number one right there. At least make the prize as unattractive as possible if the bad guys manage to navigate through the defences to get at it rather than handing it to them on a plate.
Not that encryption is the key, if you will pardon the pun, but it does add another layer of difficulty into the mix. A determined attacker could always steal the keys as well the database, or engineer authorised access to grab the unencrypted data for example. It has to be seen as part of a solution. All too often, unfortunately, encryption is seen as part of a problem and therefore isn't implemented in any form. Big mistake!
Now that the initial hysteria has started to die down, we can get back on track and start looking at that how rather than the who. Hopefully, by so doing, we can learn what vulnerabilities were exploited and where the attack surface was weakened.
Hopefully, if your organisation is subject to a breach you will get straight to the nitty gritty of how it happened and once you've worked that out, and secured the defences, then and only then start pointing the finger of blame...
-
New chapter, same partners: Keeping the channel aligned with changeIndustry Insights How to maintain strong channel partnerships amid evolving strategies and market change
-
Palo Alto Networks snaps up CyberArk in identity security pushNews The acquisition marks the latest in a string for Palo Alto Networks
-
‘All US forces must now assume their networks are compromised’ after Salt Typhoon breachNews The announcement marks the second major Salt Typhoon incident in the space of two years
-
Scania admits leak of data after extortion attemptNews Hacker stole 34,000 files from a third-party managed website, trucking company says
-
UK cyber experts on red alert after Salt Typhoon attacks on US telcosAnalysis The UK could be next in a spate of state-sponsored attacks on telecoms infrastructure
-
Healthcare data breaches are out of control – here's how the US plans to beef up security standardsNews Changes to HIPAA security rules will require organizations to implement MFA, network segmentation, and more
-
The US could be set to ban TP-Link routersNews US authorities could be lining up the largest equipment proscription since the 2019 ban on Huawei networking infrastructure
-
US government IT contractor could face death penalty over espionage chargesNews The IT pro faces two espionage charges, each of which could lead to a death sentence or life imprisonment, prosecutors said
-
US identifies and places $10 million bounty on LockBit, Hive ransomware kingpinNews Mikhail Pavlovich Matveev was linked to specific ransomware attacks, including a 2021 raid on the DC police department
-
Breach at US Transportation Department exposes 240,000 employee recordsNews An investigation is underway into the breach, which affected former and current employee data
