Cyber criminals can strike your organization without ever touching your systems directly
Earlier this month, the U.S. Department of Homeland Security announced a hack targeting a contractor who performs many of its background checks that exposed the data of at least 25,000 government workers.
Among the stolen data is a bevy of highly personal and confidential data, especially concerning since signs point to this being an attack by an enemy nation-state.
The Washington Post’s Ellen Nakashima was one of the first to share details:
The (background check) company, USIS, said in a statement that the intrusion “has all the markings of a state-sponsored attack.”
The breach, discovered recently, prompted DHS to suspend all work with USIS as the FBI launches an investigation. It is unclear how many employees were affected, but officials said they believe the breach did not affect employees outside the department. Still, the Office of Personnel Management has also suspended work with the company “out of an abundance of caution,” a senior administration official said.
“Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce” of the breach, department spokesman Peter Boogaard said. “We are committed to ensuring our employees’ privacy and are taking steps to protect it.”
More than anything, this incident raises red flags about the crises that can occur even if your own systems are sufficiently secured.
The question you need to ask yourself is, “am I devoting even a small percentage of the time cyber criminals are putting towards taking my data to actually protecting it?”
If the answer’s no, well, you’re asking for trouble.
——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-
[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]
Jonathan L. Bernstein, founder and Chairman of Bernstein Crisis Management, Inc. has more than 25 years of experience in all aspects of crisis management – crisis response, vulnerability assessment, planning, training and simulations.
Erik Bernstein is president of Bernstein Crisis Management. Erik started with BCM in 2009 as a writer and subsequently became social media manager for the consultancy itself as well as for a number of BCM clients before moving to the president position.