If your enterprise trades in sensitive information, especially as it pertains to security clearances with the U.S. Government and its employees, business associates, or vendors, it's safe to assume you are under cyber attack right now. Actually, considering the facts and risks, it's probably reckless not to.
It's always nice to be quoted along with an ex-head of the Central Intelligence Agency, especially when it's a four-star general, and you share the hometown of Pittsburgh, PA. Michael Hayden commented on the OPM breach and its impact on the private sector in the AFP's online letter by Andrew Deichler.
Last week, the U.S. Office of Personnel Management (OPM) revealed that it had incurred a second data breach that compromised more than 21.5 million people—much larger than the other hack the agency recently endured. The incident has severe implications for the multitude of private companies that contract with the federal government.
Michael Hayden, former head of the Central Intelligence Agency and a keynote speaker at the 2011 AFP Annual Conference, believes that the effects of the OPM hack could last for nearly half a century.
According to Hayden and other former CIA officers, the data breach has created a massive counterintelligence threat that could easily last 40 years — until the youngest members of the federal workforce enter retirement.
Dan Verton, Fedscoop.com, July 12, 2015
We chimed in.
“If your company works for the government and has employees and contractors with security clearances, it’s essential to review the flow of this information up, down, in and out of the organization with a particular focus on individual operators and perimeter operating environments.”
Your enterprise is either being explicitly targeted by hackers because you are in a business that deals in security-clearance-level data, or you are on the radar of a vast net thrown over a volume of strategically aligned targets for the sake of potentially something much more contrived and sinister.
Mark the moment, it's time: the amnesty period is over. There is no risk elimination, only mitigation. Breaches will happen, we will pay the price, learn, evolve, and drive the easy money out, but the tolerance for any lack of serious preparation and preventative measures is over.
Review information gathering, processing, and storing procedures, and individual accountability for compliance.
Determine where the information flows in and out of the enterprise, especially as it pertains to non-IT managed networks and devices, and add measures that may be outside the IT department’s scope or purview.
Have conversations and open the lines of communication, particularly at these junctures.
Be sure your incident reporting process is bulletproof.
Repeat.