Rich Campagna, CMO at Bitglass:
“All organizations have a responsibility to keep their employee data safe – there is no room for error. This is particularly true of governmental groups that are supposed to be serving citizens and protecting their personal information. Unfortunately, despite the amount and type of data that these organizations handle, many are unprepared when it comes to cybersecurity. The State Department’s recent authentication debacle serves as an example of this.
These kinds of breaches can have lasting consequences for all parties involved. Institutions that expose data lose the trust of employees and consumers, while individuals who have their information stolen may be forced to grapple with the long-term effects of identity theft. As such, governmental organizations must adopt modern security technologies. Dynamic identity management solutions, for instance, can verify users’ identities, detect potential intrusions, and enforce multi-factor authentication in a real-time, step-up fashion.”
Ruchika Mishra, Director of Products and Solutions at Balbix:
“It has become increasingly difficult for large organizations to watch over the ever-growing volume of end-users, devices and applications, which has accelerated with the proliferation of IoT and Industrial Control Systems (ICS) in the workplace.
Further challenges appear as organizations commonly allow employees to access their work from their own devices (BYOD), whether it is managed by their IT department or not. Government organizations, in particular, need to have full visibility into all of their IT assets and the devices accessing their network.
A proactive approach to breach avoidance starts with putting the right tools in place. While only a small percentage of State Department employees were impacted and the breach did not appear to put classified information at risk, it is clear that a number of government departments must do more to identify potential breach risk scenarios and proactively take the necessary steps to avoid future breaches.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.