Although one could have easily expected federal governments around the globe to become more active in the IT security arena years ago, it has taken a significant number of data breaches to really light the fire. Unfortunately, the lag between clear and imminent danger and the action taken to mitigate threats has put much of the world's private and public sectors far behind the eight ball, meaning leaders are constantly playing a game of catch-up.
As is the case with severe threats in any situation, allowing the problem to get out ahead of the effort to stop it will put the defending entity in a precarious position, and the only real way to make a big difference is to remain proactive. This is not much of an option at this point for governments, consumers or businesses, but entities must begin somewhere and at some time, and that time is unarguably now.
While the governments of the United States and Europe are already beginning to reform legislation and increase enforcement processes to better oversee goings-on in the private sector, they ought to be working to reduce their own level of risk as well. Cyber espionage, state-sanctioned data breaches and ordinary attacks are all converging to give agencies a run for their money, and even some of the most heavily guarded digital environments have been compromised in the past few years.
In both the United States and Europe, though, it has become clear that leaders are at least waking up to the issue and beginning to understand exactly how serious and widespread the threat of data breach has become for their agencies. This is indeed the first step toward progress, and one that will hopefully lead to swift action by way of increased investment in the necessary education, controls and security services.
The Associated Press recently reported that the government conducted a flash audit for the Office of Personnel Management and identified what lawmakers have referred to as being "serious concerns." As a note, the OPM breach that took place only a few days ago has been hailed as one of the more significant attacks on a federal agency in history, as military officials believe that as many as 4 million employees might have been impacted.
Additionally, this was one of the latest pieces of news in a long stream of somewhat disastrous events in which attackers have successfully intruded into what should be extremely well-protected databases and systems. Remember, the White House fell to an attack not so long ago. According to the news provider, more news is beginning to surface regarding the types of processes OPM officials had followed when overhauling computer systems, which was marked as a $91 million project from the beginning.
The source affirmed that OPM Inspector General Patrick McFarland believes that the breach is far from being the only questionable matter in this discussion, and that the figure given for the estimate of cost was likely also inaccurate.
"We have serious concerns regarding OPM's management of this project," the AP cited from McFarland's statement. "The project is already underway and the agency has committed substantial funding, but it has not yet addressed several critical project-management requirements."
If nothing else, this shows that mismanagement of federal funds and data is plaguing a wealth of agencies and negatively impacting the security of employees therein, not to mention the pockets of the American people. Simply put, something needs to change, and the audit that took place was at least one step in the right direction in this regard.
More progress abroad
The Hill reported that the European Union has made a major breakthrough in its data security laws and standards, with member states coming to an agreement regarding the finer points. It is difficult to not point out that nearly 30 countries have managed to come to this agreement before the United States made much progress in the arena of unified standards across regions and municipalities.
The news provider stated that EU members have already approved this new unified standard, and that the penalties for noncompliance are far more significant now than in the past, which will hopefully work in the favor of information protection. According to the source, a bit more work is still needed to completely finalize the standards, but officials there do believe it will all be set in stone within the next six months or so.
Most importantly, though, The Hill pointed out that unification is an important step toward stronger private-sector security, as one set of understandable and clear laws will be far easier to follow than divergent standards seen across sectors.
By following new laws and leveraging secure cloud, email encryption and other helpful tools, the governments of the world might just be able to turn the tide on hackers.