| Earlier this year it was discovered that the Office of Personnel Management’s (OPM) system had been breached and that several million records were accessed during this time. At this time, it is unclear actually how many records were compromised, only that the number is in the millions. |
Office of Personnel Management Data Breach & Social Engineering
In recent testimony, the OPM Director Katherine Archuleta stated that she knew there were problems regarding system security when she became director on May 23, 2013. When asked why these issues were not addressed and records were not encrypted, she said that “implementing encryption on systems as old as theirs was not feasible”, and a cybersecurity expert testified saying that “encryption would not have helped in this case, as the hackers used valid credentials most likely obtained by social engineering”.
The issue of not securing their systems aside (which is still a valid argument and an important step to take), the issue of social engineering again shows that unfortunately, the human element was the downfall in this instance. Somehow, somewhere, at some point, someone let their guard down and inadvertently gave the hacker(s) access to their system. This is one of the most common ways to infiltrate a business, not by bypassing a firewall or tricking an anti-virus program, but by a very intelligent person manipulating a password out of someone without their knowledge.
It is difficult to combat social engineering, as it can take many forms and will often not be the same con twice. The most important thing to remember is not to divulge any information to anyone unless you know that you are giving it to the right person for the right reasons. Slip-ups will happen, but a little training for employees can go a long way in securing your system.
Please: Share this article and the articles listed below to help educate your employees and associates.
