Lessons Learned from the OPM Data Breach – Two Years Later
Two years removed from the announcement of the attack, we can now take a look at the lessons we learned from the OPM data breach.
nation-state attack
Video: Cyber Defense for the Federal Government
Watch this FedScoop video interview of IT security expert Philip Lieberman to find out how federal government agencies can redesign their networks for better resilience against cyber attacks.
Nation-States and Data Breaches
Cyber intruders now use in-country assets to mask their location, making attribution challenging. If the state actor has a grudge that they want to air, then they will use their own addresses to get their message across to the company and government.
Data Breach at US Office of Personnel Management Reveals Intent of Nation-State Attacks
On the surface, last week’s data breach at the US Office of Personnel Management (OPM) might seem like just another cyber attack, like those which affected Target, Home Depot and many others. However, the ramifications of the OPM breach, allegedly perpetrated by Chinese hackers, are potentially more sinister.
Are the Cyber Security Experts Wrong About Zero Days?
I allege that with only a few minor changes in organizational IT behavior and the use of security automation, most zero day attacks can be converted from PR catastrophes into mere nuisances.
Remedy Poor Legacy Security Decisions with These Tips to Improve IT Security Posture
However, even once you accept the fact that the bad guys are going to get into your network, you can significantly mitigate the damage done. Here are some tips to bolster your organization’s IT security posture.
Waking Up to Zero Day Nightmares
Cyber-defense today is not about stopping intrusions. It is about creating architectures and processes that minimize losses and limit how far into the network intruders can go after they do manage to penetrate the perimeter with zero day attacks and similar exploits.
JPMorgan Chase and the Need for Military-Level Security
Financial services security must now be built and operated at the level of national defense and military-level security; commercial compliance and mitigation are no longer effective strategies.
Defend Against Advanced Persistent Threats (APTs) with Privileged Access Management
The analogy I like to use for IT security in today’s organizations is that of a candy with a hard shell and gooey interior. Attackers now know how to break through the outer security – the shell. Since the interior security is weak, or gooey, complete control over most systems can be obtained in a matter of minutes.
Chinese Cyber Attack on Canada
The Chinese cyber attack on Canada demonstrates the reason why privileged account passwords should never be shared among employees, or left static and unchanged. In the description of this attack, hackers were able to gain access to sensitive systems via access to these credentials.