It was recently reported that Chinese cyber-spies hacked U.S. defense contractor QinetiQ North America’s computers for three years. These hackers compromised most (if not all) of the company’s research, including work on secret satellites, drones and software used by U.S. Special Forces. According to a Pentagon spokesperson, the Pentagon is now working closely with QinetiQ to determine the exact scope of the breach.
The unfortunate situation that QinetiQ faces is one that other companies and government can expect with greater frequency. Fact is, perimeter security is failing; our adversaries are in the network and have resolved to persist until they get what matters - valuable data. It's time for organizations of all sizes to protect what matters by putting in place a comprehensive data-centric security plan that includes advanced encryption and key management as well as security intelligence to tell them exactly who is accessing what files, when and where.
Far too many organizations just don't realize what data they may have already lost or what data is currently in jeopardy. To reverse the trend, we must render useless to them whatever data they manage to steal – and that means locking down valuable data in a preemptive and comprehensive fashion.
The first step in this process is identifying exactly what your sensitive data is and where is resides. Then you can begin to lock that data down at the source and put strict access policies in place to monitor when and who views the data.
There have been far too many data breach headlines this year and it’s only May. There are only so many times that security companies can outline security best practices. It falls to enterprises to take that advice and protect what matters before they become next week’s data breach headline. Their brand reputations and our national security depend on it.
Wayne Lewandowski is Vormetric’s area vice president, federal. Follow him on Twitter @Wayne42675.