What You Need to Know about the Homeland Security Breach
It looks like we couldn’t go a single week in the new year without a significant data breach of a major government agency. Right off the bat, the Department of Homeland Security announced that personal information was compromised for over 240,000 former and current employees, as well as subjects and witnesses involved with investigations of the DHS Office of Inspector General (OIG). This includes Social Security numbers, positions, and grades.
Unlike other federal breaches, however, this one doesn’t appear to be the work of hackers. The incident came to light last May, during a criminal investigation, when the OIG discovered the files in the possession of three former employees. As to why it took so long to reveal the breach? The agency says that the complicated nature of the case prohibited an earlier revelation. Now it’s coming to light that the individuals had copied a DHS database with personal information for the purposes of “modifying the proprietary software” and sell it to other federal government offices.
“If this isn’t a case of poorly governed access to applications and data, I don’t know what is,” states Daniel Conrad, Identity and Access Management Specialist at One Identity. “It seems that DHS has failed on this account by allowing the wrong person to have access to inappropriate data…and their auditing infrastructure was unable to show it.”
It has been a fairly damning past few years for the cybersecurity of US government agencies. Intentional, external threats have combined on numerous occasions with gross insider negligence to create a paradigm of poor judgment, weak defenses and mismanaged incident response. Agencies are left scrambling, like the DHS, to implement stronger security protocols after the fact, in order to limit access to information of this kind.
Behavior like this will not be sufficient going forward. Data security and compliance provider Semafone predicts hackers will use more sophisticated tools, such as artificial intelligence, machine learning, and Internet of Things devices, as they ramp up their efforts. In response, governments around the world will make cybersecurity a priority, increasing regulations and even punishments, including potential jail time.
Don’t be left exposed to these repercussions. Haphazard security and insufficient patches can no longer cut it, if you want to avoid becoming the next headline.