02-11-13 | Blog Post
Last month, the U.S. Department of Energy had its computer systems hacked. Last Friday, an email was sent to all the employees explaining that their Washington location had been compromised, making off with the personal information of employees and contractors. The DOE, who maintains control of important functions such as nuclear reactor production, energy conservation research and implementation, energy production, and radioactive waste disposal, says that none of the information taken was confidential. In an email to its employees, the DOE explained that it was taking steps to keep this from happening again in the future:
‘The Department is also leading an aggressive effort to reduce the likelihood of these events occurring again. These efforts include leveraging the combined expertise and capabilities of the Department’s Joint Cybersecurity Coordination Center to address this incident, increasing monitoring across all of the Department’s networks and deploying specialized defense tools to protect sensitive assets.’
Similarly, this week the Federal Reserve admitted that it had one of its internal sites breached. Coupled with this attack is a claim by the activist group Anonymous that they had attacked the Fed, and had the personal information of over 4,000 bank executives to prove it. The Federal Reserve stated that the compromise did not adversely affect any functions that were critical to the bank system running as normal. The posted information included addresses, business and mobile numbers, as well as business emails. The Fed said that there were no passwords leaked. The Fed explained in their email that they plan to prevent future attacks with the increase in network monitoring to complement the implementation of other cyber defense strategies.
At the end of a week of these pretty high profile breaches (not to mention the New York Times, Twitter, and the Wall Street Journal), now seems like a great time to evaluate the technical, physical, and administrative security measures in place within your own company. Having safeguards like vulnerability scanning, a web application firewall (WAF), or two-factor authentication put extra layers of protection between a potential breach and your business.
