With data under siege, it’s time for new attitude, new approach to cybersecurity
True or False? There was no way the Office of Personnel Management could have prevented hackers from stealing the sensitive personal information of 4.1 million federal employees, past and present.
If you guessed “False,” you’d be wrong. If you guessed, “True,” you’d also be wrong.
The correct response is: “Ask a different question.” Serious data breaches keep happening because there is no black-and-white answer to the data breach quagmire. So what should we be doing? That’s the right question, and the answer is decidedly that we should be trying something else.
The parade of data breaches that expose information that should be untouchable continues because we’re not asking the right questions. It persists because the underlying conditions that make breaches not only possible, but inevitable, haven’t changed—and yet we somehow magically think that everything will be all right. Of course, we keep getting compromised by a short list of usual suspects, and there’s a reason. We’re focused too much on the “who” and not asking simple questions, like, “How can we reliably put sensitive information out of harm’s way while we work on shoring up our cyber defenses?”