OPM - Other People's Metadata

Posted by Brad Deflin on July 15, 2015
Brad Deflin

If your enterprise trades in sensitive information, especially as it pertains to security clearances with the U.S Government and its employees, business associates, or vendors, it's safe to assume you are under cyber attack right now. Actually, considering the facts and risks, it's probably reckless not to.

imgres

It's always nice to be quoted along with an ex-head of the Central Intelligence Agency, especially when it's a four-star general, and you share the hometown of Pittsburgh, PA. Michael Hayden commented on the OPM breach and its impact on the private sector in the AFP's online letter by Andrew Deichler. 

Last week, the U.S. Office of Personnel Management (OPM) revealed that it had incurred a second data breach that compromised more than 21.5 million people—much larger than the other hack the agency recently endured. The incident has severe implications for the multitude of private companies that contract with the federal government.

Michael Hayden, former head of the Central Intelligence Agency and a keynote speaker at the 2011 AFP Annual Conference, believes that the effects of the OPM hack could last for nearly half a century

According to Hayden and other former CIA officers, the data breach has created a massive counterintelligence threat that could easily last 40 years — until the youngest members of the federal workforce enter retirement.

Dan Verton, Fedscoop.com, July 12, 2015

We chimed in.

“If your company works for the government and has employees and contractors with security clearances, it’s essential to review the flow of this information up, down, in and out of the organization with a particular focus on individual operators and perimeter operating environments.”

Your enterprise is either being explicitly targeted by hackers because you are in a business that includes dealing in security clearance level data, or, you are on the radar of a vast net thrown over a volume of strategically aligned targets for the sake of potentially something much more contrived and sinister. 

Mark the moment, its time: the amnesty period is over. There is no risk-elimination, only mitigation. Breaches will happen, we will pay the price, learn, evolve, and drive the easy money out, but the tolerance for any lack of serious preparation and preventative measures is over.

 

  • Review information gathering, processing, and storing procedures, and individual accountability for compliance.

  • Determine where the information flows in and out of the enterprise, especially as it pertains to non-IT managed networks and devices and add measures that may be outside the IT department’s scope or purview.

  • Have conversations and open the lines of communication, particularly at these junctures.

  • Be sure your incident reporting process is bulletproof.

  • Repeat.


Learn more about Total Digital Security's full suite of internet security services.

Subscribe Here!

Posts by Tag

Recent Posts

Navigating AI and Cybersecurity in the...

This white paper by Brad Deflin draws on eighteen months of...

Read More

Behind the Scenes: The Future of Your...

June is here, and we're thrilled to share some of the...

Read More

Chinese "Smishing" Operations: A...

This month, I want to bring your attention to a...

Read More

Total Digital Security Corporation 
(877) 643-6391 
hello@totaldigitalsecurity.com
7777 Glades Rd, Suite 100 
Boca Raton, FL 33434

Quick links

Follow Us

Subscribe

The CyberAdvisor Letter

TDS needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.
© 2022 Total Digital Security