You’ll probably have read the story: a Pentagon data breach exposed the personal information of 30,000 military workers and staffers in the Defense Department. It may have been lower profile than other government hacks, but to dismiss it is to ignore a killer point: this was not an ignorant employee or malicious insider or even a cybercriminal … it was a third-party contractor.
Yet again, when it happened, no one knew how many people were affected or when the breach happened.
It’s further proof that defining the organization’s perimeter is virtually impossible. Where there once was a hard, fixed boundary, there is now a flexible, everywhere periphery. The hard edges of a firewall can no longer protect against external access: the traditional network confines have been splintered by personal devices, remote working, visitors and the Internet of Things.
The fact is that if you are outsourcing, nearshoring or offshoring, the greatest SLA ever will not secure you against the business, reputational and non-compliance costs of a breach. And if you’re providing professional or managed services, all the liability insurance in the world won’t defend against the commercial losses when you’re fired from a high-profile contract.
Is the answer stronger security? Of course, but that’s only part of it. What this highlights is the bigger need for faster detection and remediation.
See how one of North America’s foremost security laboratories, UT/JICS, Oak Ridge National Laboratory, the most powerful super-compute platform in the U.S., keeps itself highly secure.