Analysis

Enterprise post-breach mantra must be 'how' not 'who'

Hack me once, shame on you! Hack me twice, shame on me!

There should be no doubting that the fact the US Office of Personnel Management (OPM) has been subject to a breach of quite dramatic proportions. The reports that details of up to four million past and present government employees have been compromised is big news.

The OPM is the agency responsible for both the screening and the hiring of the vast majority, and we are talking something in the region of 90 per cent, of federal government staff. This includes the approval of security clearance. Once you realise that, the importance of the news is frankly a given. 

That this is the second serious breach within the same department in less than the space of a year makes the story even bigger. So why is the world's media, including most of the specialist security and tech press as far as I can see, obsessing over the wrong headline?

Everywhere I look, I see stories covering the attribution angle. The who and not the how. Everyone, it would appear, is salivating over the 'spy movie in the making' notion that the Chinese were behind this 'Nation State Sponsored' attack.

This could, of course, well be the case. The who is ultimately part of the story. What it isn't, at least from the enterprise security perspective, is the most important part of it. If business is to learn from breaches such as this, and business must because the same techniques and exploits will almost inevitably filter down the threat food chain and strike eventually, it must focus on how the perpetrators managed to do what they did and stop them from being able to repeat it.

Attribution is nothing but a distraction at this stage in the game, and one that We The Media seem to have an unhealthy, and certainly unhelpful, obsession with.

For one thing, almost always and at the very least almost always for the longest time, attribution for such attacks is difficult in the extreme to establish successfully. The same is true whether we are talking about nation states or hacktivist collectives, there will always be speculation, finger pointing and kudos collecting.

What there will be precious little of is proof beyond reasonable doubt. In the absence of which, you have to ask yourself why bother expending so much energy when that energy could be so much better spent looking at what went wrong and how to prevent it going wrong again.

Reports are suggesting, for example, that at least some of the data at the centre of the OPM breach was apparently unencrypted. There's important lesson number one right there. At least make the prize as unattractive as possible if the bad guys manage to navigate through the defences to get at it rather than handing it to them on a plate.

Not that encryption is the key, if you will pardon the pun, but it does add another layer of difficulty into the mix. A determined attacker could always steal the keys as well the database, or engineer authorised access to grab the unencrypted data for example. It has to be seen as part of a solution. All too often, unfortunately, encryption is seen as part of a problem and therefore isn't implemented in any form. Big mistake!

Now that the initial hysteria has started to die down, we can get back on track and start looking at that how rather than the who. Hopefully, by so doing, we can learn what vulnerabilities were exploited and where the attack surface was weakened.

Hopefully, if your organisation is subject to a breach you will get straight to the nitty gritty of how it happened and once you've worked that out, and secured the defences, then and only then start pointing the finger of blame...

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

30 countries announce crackdown on ransomware payments
ransomware

30 countries announce crackdown on ransomware payments

15 Oct 2021
Senators seek to reform Section 230 protections
Policy & legislation

Senators seek to reform Section 230 protections

14 Oct 2021
Identity Automation launches credential breach monitoring service
phishing

Identity Automation launches credential breach monitoring service

5 Oct 2021
Supreme Court denies Oracle appeal over JEDI contract
Cloud

Supreme Court denies Oracle appeal over JEDI contract

4 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021