Greg Touhill, less than a week after his resignation as the first government-wide chief information security officer (CISO), estimated that the cybersecurity breach at the Office of Personnel Management (OPM) could cost the government more than $1 billion in identity management solutions over the next decade.
Speaking at the Institute for Critical Infrastructure Technology’s Winter Summit, Touhill helped give a little more insight into the potential financial cost of the 2014 breach. OPM issued a contract in 2015 that could be worth more than $500 million to provide credit monitoring to the more than 21 million people affected by the breach.
The OPM breach offers two key learning opportunities for the Trump administration, even two-plus years after it happened. First, the breach shows not only the personal impact on citizens, but also the financial crunch on government. Touhill’s $1 billion estimate is just part of what the total cost will be to government, an amount that may not be fully known for many years to come.
Second, the OPM breach can serve as a warning to take future threats seriously. The Trump administration has already issued an outline of its cybersecurity policy. As the administration takes root, equipping agencies with the right tools and policies will be paramount. The OPM breach is the worst government cyberattack in history, but one that could be repeated without proper care.
Data loss prevention (DLP) has been proven to be one of the best tools to mitigate the possibility of a significant breach like we saw with OPM. DLP can restrict confidential information like logins and passwords from leaving the safety of the network. It can also prevent data breaches from becoming major incidents, monitoring what confidential information is leaving a network’s endpoints. Additionally, it allows security staff to determine what was compromised, through what channel and more. DLP solutions protect the one thing that hackers want: data.
By placing a focus on incorporating DLP solutions into an overall cyber strategy, the Trump administration can promote the reduction in cyber breaches, while reducing their severity – and financial implications – at the same time.
For more information about DLP, read this report.