The big news broke over the weekend: The Pentagon—headquarters of the United States Department of Defense—suffered a data breach compromising thousands of people. While the exact number isn’t known, as many as 30,000 military and civilian workers might have been affected (and possibly more). The attack could have exposed personal information and credit card information, but reportedly no classified materials were compromised.
Apart from the prestige of the target, this may seem like a mundane breach in a digital era defined by such attacks. In fact, it may seem comparatively small: Facebook recently confirmed somewhere between 29 and 30 million users were compromised in its data breach.
However, the Pentagon Hack actually embodies the modern digital threat for enterprises and small businesses alike. You may consider the Pentagon Hack the epitome of the most common patterns of enterprise data exposures.
So here’s what the Pentagon Hack can teach enterprises about digital threats and how to prepare for them:
No One…NO ONE…Is Safe
If there is one organization you would think hackers would avoid, it would be the headquarters of the military branch of the United States government. Yet the Pentagon Hack reveals just how far hackers will go to get what they want…and ultimately no enterprise, organization, or governmental office is safe from their wrath.
Plenty of small businesses and larger enterprises have neglected to invest in cybersecurity or update their legacy solutions. These businesses reason: “we’re too small of a business or too obscure of an industry for hackers to notice.” Unfortunately, such logic has proven inaccurate multiple times over in 2018 alone. If your enterprise has neglected its cybersecurity up to this point, consider this a wake-up call: you can’t protect yourself with hope alone.
Third Parties Are Still a Weak Link
The Pentagon Hack of 2018 is not the only attack the organization has dealt with in the era of digital threats. In 2015 the Department of Defense suffered multiple hacks, including one forcing them to temporarily shut down their email.
Since then, the Department of Defense hardened its cyber defenses, initiated a successful bug bounty program, and implemented a new threat disclosure process. At the time, it felt confident enough to move forward and put these attacks behind it.
So how did the Pentagon Hack of 2018 happen? Simple: the hackers snuck in through a third-party vendor.
The hackers broke in through the travel records of an as-yet-unnamed third-party contractor. This is one of the most difficult concepts for enterprises and organizations to grasp, even as it becomes one of the most important lessons in modern cybersecurity: your digital security relies on more than just your cybersecurity solutions.
Your enterprise also needs to evaluate the digital protection platforms of your third-party vendors, contractors, and partners. If possible, you need to mandate that your partners have comparable cybersecurity protections on their networks to prevent hackers from leapfrogging into your own databases. Further, you need to restrict third-party credentials and access so that malicious actors cannot abuse them as severely.
The Greatest Threat of All is Dwell Time
Q: The Pentagon Hack was discovered on October 4. How long were hackers on the Department of Defense databases?
A: No one knows. It is entirely possible that the hackers intruded months ago and dwelt there undetected.
Security analytics and SIEM solutions are vital to reducing attacker dwell time on your network. The longer an attacker dwells on your enterprise network, the more damage they can do and the less apparent the scope of the damage will be when you do discover the attack.
The Pentagon Hack is a case study. So make sure your enterprise studies it…and takes its lessons to heart.