The aftermath of the OPM breach is beginning to play out, with Congress calling for resignations. The Wall Street Journal reports on official hearings with conflicting testimony. The Chairman of the House Committee on Oversight and Government Reform, Rep. Jason Chaffetz, stated:
“I hear, ‘We are doing a great job.’ You are not. It is failing.”
The failure of the Office of Personnel Management to prevent this massive government data breach has rallied bipartisan support for the resignation of Director Katherine Archuleta.
Congressional Cyber Security Caucus co-chair Rep. Jim Langevin has stated:
“I have seen no evidence Ms. Archuleta understands this central principle of cyber governance, and I am deeply concerned by her refusal to acknowledge her culpability in the breach. I therefore believe that Ms. Archuleta should tender her resignation immediately.”
If Archuleta does resign, it would not be the first time we have seen someone lose their job over a cyber security breach. In 2014, Target’s CEO resigned after its massive data breach.
Security & The Status Quo
It is not enough to continue doing what has always been done because hackers continue to innovate new attack vectors.
Rep. Langevin continued:
“While I appreciate that Ms. Archuleta inherited a difficult situation, her first budget request continued to reflect the status quo even as the warnings continued.”
For information security professionals who have been watching this story develop, this should serve as a stark reminder that the impact of a data breach is not only the loss of data, but potentially the loss of a job.
Unfortunately, so much of security is stuck in the “status quo.” There are so many security vendors that actively promote a philosophy that “you will be breached” or “assume compromise,” so it should come as no surprise when these vendors’ solutions are breached. Of course, these vendors are not left with the responsibility to fall on their swords. If a security vendor tells you that you will be breached, what are they even selling you?
Bromium has pioneered a proactive approach to preventing data breaches, which is so much more useful than reacting to the detection of a breach. Threat isolation separates unknown and untrusted tasks and processes from trusted and critical computing resources to stop data breaches. By moving past the status quo, Bromium can isolate threats to prevent breaches.