Ultimately, the goal of any group’s security department is to keep their data from being compromised. This isn’t necessarily the same thing as preventing breaches – intrusions occur on all servers. Instead, the issue that government organizations need to be aware of is how to limit damage when an attack occurs. The best defense here does not consist of creating impenetrable servers, but storing information in such a way that its theft does as little damage as possible. To this end, encryption, strong security policies about data storage and good archival policies can protect a federal agency’s information better than anything else.
There is no better example of the need for care when dealing with patient information than the recent Anthem cyberattack. This health insurance provider allowed cyber assailants to gain access to the personal information of 80 million current and former members, according to Adam Rubenfire of Modern Healthcare. This disastrous breach highlights the damage that can be done to clients and citizens when the organizations that host their data have their defenses passed. The information leaked included, “names, birthdays, medical IDs, Social Security numbers, addresses, employment information and income data.” It is expected that Anthem will suffer hundreds of millions of dollars in damages due to the attack.
Defense and protection in the age of cyberwarfare
Developing solid defenses against this kind of attack is difficult for many government organizations, and mandates from on high can be hard to implement. The recent call for better cybersecurity practices on the part of Chinese companies has has been met with resistance by U.S. lawmakers and businesses, saying that the new restrictions would hurt market opportunities abroad and in the United States. Keeping information safely held while also avoiding loss is a commendable goal for organizations, but the costs can be dear.
Agencies that don’t know how to protect their data should investigate cloud computing for local government groups. This can allow these smaller teams to store data on highly secure cloud systems, letting those workers to get IT support form the cloud vendors, instead of having to provide it themselves. Those workers can then deal with the problems they are facing at an individual level instead of focusing on cybersecurity. While a cloud platform alone is not enough to protect a group’s data from being leaked, a combination of smart security policies and tight control over the data stored on that cloud can make the agency’s data much safer.