Justification of Choice for News of Information Security Breach

Discuss about the Hacks of OPM Databases.

In this report, we are going to discuss about a one year old news of information security breaches. Information security breaches put vulnerable impact on business organizations, its reputation and their customers whose data is saved into database of organization. For last many years, various information breaches have seen by users of IT and till now they are bearing loss of those breaches. The main reason for these information security breach is improper management of information into database, lack of security and authorized access of data. To mitigate these breaches both users and developers need to be responsible. Now in this report, we will discuss about information security breach in detail with its countermeasures. (Gallagher, 2015)

The news of information security breach that we will thoroughly discuss here in this report is about “Hacks of OPM Databases”. We have selected this news because it is one of ten most popular news of information security breaches and a wide range of customers of this company have compromised with this problem. It will be good to understand about actual breach and how it happened and who was affected due to this. This selected news is related information security breach because in this incident, sensitive data of current and former employees has stolen by hackers. It means confidential information of customers of company has stolen by hackers. (U.S. Office of Personnel Management, 2016)

This is an important segment of this report that describes both technical and non-technical reasons of this information security breach. According to analysis, it is found that personal information of at least 22.1 million people have been stolen and this information includes addresses, mental health and criminal records. It means personal and official information of employees and other members of organization has lost. In this incident of information security leakage, U.S government databases are hacked by hackers. These databases of U.S government holding files of security clearance and personal records that exposed sensitive information near about 22.1 million people. According to resources of this news, not only personal records are hacked of current and former employees by hackers but also widespread information of their friends and relatives have also stolen. It means large number of victims were influenced by this. According to officials of this attack, this security breach is done by China’s domestic civilian spying program. This is a non-technical reason about this attack and we will discuss about this in detail later in this report. Here are some technical reasons of this attack:

• The first technical reason for this OPM information breach is lack of security in accessing system. Hackers are unauthorized users and if they were successful to hack this system, then it means there is some deficiency in authorized process of system.
• Other technical issue is regarding improper security database. It was responsibility of database administrator to set access permissions by using strong login credentials and these credentials must not be easy to guess. (Deac, 2015)
• Lack of usage of network intrusion monitoring software which has capability to give alert in case of any wrong activity into network, periodical monitoring of database and network is required here.
• No proper use of spyware and anti-virus that can prevent system and database from vulnerable attacks. According to analysis, it is found malware was gone into database and through a programming script, information has been collected.
• Other major security issue is that hackers were conducted background investigation about OPM databases for last many days. In this investigation, hackers were investigating, current, former and federal employees’ information and then with the help of this information they have conducted this attack. (S. Office of Personnel Management, 2016)
• Next technical issue of this information security breach is that, OPM systems are found insecure. There is problem in working of these systems and can be easily hacked. Poor maintenance is also a big reason for this hacking attack on OPM systems

Reason for Breaches

Besides these, technical issues, there are also some non-technical issues found for this attack. As we have already mentioned above that investors have investigating that attackers were belong to China’s domestic civilian spying program on American citizens. According to FBI Director James B. Comey, it is treasure trove of information for everyone who are working with, worked with and tried to work with United States government. Here China is suspected for stealing large amounts of data on Americans and it was part of strategic plan for increasing intelligence collection. This reason is non-technical, because it is concerned with government levels of USA and China. Investigators of this attack are trying to find out exact reason for this information security breach. Foreign spy service is also used by U.S government to identify solid reason for this attack. (USA TODAY, 2016)

According to evaluation of this security breach of OPM, this was severely bad attack for government of United States of America. Due to exposure of data which can be used in other cyber espionage operation includes spear phishing attacks and blackmailing. Besides this, following social impacts were also encountered by OPM. (Corbin, 2016)

Any kind of security breach whether it is small or large put bad impact on all people who are victim of that attack. OPM databases attack was not less harmful, it has impacted a wide range of people, their families and friends. Here we have some social impacts of this information security breach that must be considered by other countries and must try to understand all technical and non-technical issues of this breach. (InformationWeek, 2016)

• The first impact of this attack is that due to this personal information of federal, official and their families and friends. They have lost their whole personal information in this attack.
• This attack has posed a big security question for US government that they can further maintain security of their employees through their databases or not.
• Due to this attack, OPM has faced a big challenge in budget and resources that are required for improvement in IT security. This thing will also put influence over better security practices. (FCW, 2016)
• Due to leakage of information, this can be misused by hackers and government of other countries. This a big question for reputation of US government.

These are some essential impacts of OPM information security breach. These impacts are social and as well as economic. After this attack, citizens of America are worried about their personal information that is stored into OPM databases. (Nakashima, 2016)

From above discussion, it is cleared that this information security breach was very much vulnerable for Americans and they still have impact of this attack.( Krebsonsecurity.com, 2016) Here are some essential remedies for controlling this attack and must be implemented successfully by US government. These remedies are listed as below:

• It is necessary for U.S government to improve its security activities and parameters. Better and strict policies are required to implement for securing database of OPM.
• The authorization and configuration management of system and database need to improve. If system will not be configured properly then it may definitely hacked by hackers. Centralized system of storing data should be maintained properly by OPM.
• Administrating department of OPM must take steps to improve security and to call attention to threats. Setting of permissions to users and employees must be provided carefully by administrator. (Nextgov, 2015)
• There is also requirement to evaluate and monitor effectiveness and security controls that are required for confidential information that is stored into database.
• Third party software those provide prevention from malware and other virus attacks must be installed into system and firewall configuration must also be implemented into these types of system. Network monitoring software is also required to monitor networks and to detect harmful entities those can put vulnerable impact over system. (Lawfare,2016)

These remedies will provide successful results if these will be implemented appropriately by technical experts. Not only OPM databases, but other companies’ databases should be aware about these security and privacy issues.

Conclusion

After this whole discussion about OPM information security breach, we can say that this discussed attack was so much vulnerable and there were various technical and non-technical reasons exist for this attack. In this report, we have discussed remedies for mitigated these security issues. Lack of these security tools and techniques directly lead to harmful attacks. Hackers always try to find out weak points of an information system from where they can access unauthorized information. These weak points are left due to lack of awareness and knowledge about how to protect system and database. If users will have information about this, then most of the systems can be remedies. 

References

U.S. Office of Personnel Management. (2016). OPM Announces Steps to Protect Federal Workers and Others From Cyber Threats. (2016). Retrieved 22 September 2016, from https://www.opm.gov/news/releases/2015/07/opm-announces-steps-to-protect-federal-workers-and-others-from-cyber-threats/

Corbin, K. (2016). How OPM data breach could have been prevented. CIO. Retrieved 22 September 2016, from https://www.cio.com/article/2947453/data-breach/how-opm-data-breach-could-have-been-prevented.html

FCW. (2016). Exclusive: The OPM breach details you haven’t seen — FCW. (2015). Retrieved 22 September 2016, from https://fcw.com/articles/2015/08/21/opm-breach-timeline.aspx

Nakashima, E. (2016). Hacks of OPM databases compromised 22.1 million people, federal authorities say. Washington Post. Retrieved 22 September 2016, from https://www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-clearance-system-affected-21-5-million-people-federal-authorities-say/

Deac, A. (2015). The Top 10 Worst Cyber Security Breaches from 2013-2015 | TruShield. Trushieldinc.com. Retrieved 22 September 2016, from https://trushieldinc.com/the-top-10-worst-cyber-security-breaches-from-2013-2015/

Nextgov. (2015). Timeline: What We Know About the OPM Breach (UPDATED). Retrieved 22 September 2016, from https://www.nextgov.com/cybersecurity/2015/06/timeline-what-we-know-about-opm-breach/115603/

Gallagher, S. (2015). “EPIC” fail—how OPM hackers tapped the mother lode of espionage data. Ars Technica. Retrieved 22 September 2016, from https://arstechnica.com/security/2015/06/epic-fail-how-opm-hackers-tapped-the-mother-lode-of-espionage-data/

Lawfare.(2016). Why the OPM Hack Is Far Worse Than You Imagine. Retrieved 22 September 2016, from https://www.lawfareblog.com/why-opm-hack-far-worse-you-imagine

USA TODAY. (2016). OPM hack Q&A: What we know and what we don’t. Retrieved 22 September 2016, from https://www.usatoday.com/story/news/politics/2015/06/27/opm-hack-questions-and-answers/29333211/

InformationWeek. (2016).OPM Breach Leads To New Systems, Procedures – InformationWeek. Retrieved 22 September 2016, from https://www.informationweek.com/strategic-cio/security-and-risk-strategy/opm-breach-leads-to-new-systems-procedures/a/d-id/1324077

U.S. Office of Personnel Management.(2016). OPM Announces Steps to Protect Federal Workers and Others From Cyber Threats. Retrieved 22 September 2016, from https://www.opm.gov/news/releases/2015/07/opm-announces-steps-to-protect-federal-workers-and-others-from-cyber-threats/

Krebsonsecurity.com. (2016). Catching Up on the OPM Breach — Krebs on Security. Retrieved 22 September 2016, from https://krebsonsecurity.com/2015/06/catching-up-on-the-opm-breach/