OFFICIALS: China Suspected of U.S. Data Breach Affecting Millions
“The Obama administration is scrambling
to assess the impact of a massive data breach, suspected to have originated in
China, involving the agency that handles security clearances and employee
records, U.S. officials said Thursday.”
Richard Burr, R-North Carolina, chairman
of the Senate Intelligence Committee, agreed, saying, "We cannot continue
to look the other direction."
“Our response to these attacks can no
longer simply be notifying people after their personal information has been
stolen," Burr said. "We must start to prevent these breaches in the
The statements above seem to have brought
the IT Cyber Security issue full circle. At some point during the last 12
months, there was a shift in thinking among IT security experts that
“prevention” was not the primary focus any longer when looking to combat
security breaches. More discussion has been focused on detection and
incident response. Technology solutions have followed suit. But the
reality is, organizations still need to come at it from all angles:
Prevention – Detection – Response
While details of the FBI’s investigation
will not be conclusive for some time, and no single IT security solution will
be able to handle every exploit that hackers have at their disposal, the quote
from Richard Burr validates the importance of multiple levels of
But anyone reading this blog knows
this. The challenge exists in budget allocation. Companies and
CISOs only have so much to spend. Mike Rothman from Securosis defended
this challenge quite well in his blog, Hindsight FTW (https://securosis.com/blog/hindsight-ftw).
So then, is the best defense a good
offense? Perhaps. I would interpret “a good offense” as ensuring IT
security professionals do their best to educate themselves about all available
technology and then choose what provides the broadest coverage, even if it is
just for a specific platform, such as endpoint defense.
Viewfinity can help. With regard to
prevention, we approach this via removal of administrative rights and
default-deny whitelisting on endpoints and servers. Detection is done via
application monitoring that blocks unclassified applications or restricts their
access to corporate resources. And response/remediation is accomplished
through our file history & forensics capabilities.
Contact us if you’d
like to set up a brief discussion to understand more about our security
technology coverage capabilities.