
In Most Hacks, ‘the Common Denominator’ is People

welcomia/Shutterstock.com

Congress asked industry tech leaders to offer insights for how the government might reduce the number of data breaches and shore up its cybersecurity posture.

Predictably, much of the discussion centered on tech leaders encouraging government to invest more money in cybersecurity, but for cash-strapped agencies, that may not be an option. Private sector companies spend more – sometimes as much as three times more, according to John Wood, chief executive officer of Telos Corporation – on cybersecurity than their public sector counterparts.

That’s a scary thought, but here’s another: The latest and greatest technology means absolutely nothing if your workforce isn’t properly trained and competent regarding the Internet.

“The overwhelming common denominator was people,” Wood said, speaking about a number of large-scale data breaches at retailers like Target and Neiman Marcus as well as the Office of Personnel Management hack that exposed personal information on more than 21 million past, current and prospective employees.

“Nearly all of these breaches could have been avoided,” Wood added.

In his testimony, Wood submitted a makeshift blueprint for federal agencies to shore up their systems, similar to the policy efforts called for by U.S. Chief Information Officer Tony Scott in the “cybersecurity sprint.” The measures include establishing and enforcing cybersecurity policies and procedures, effective password management, proper training, routine patching and up-to-date endpoint solutions.

These common-sense efforts are cheap and promote improved cybersecurity posture. Had OPM followed them, perhaps we all wouldn’t be talking about it.

“At the risk of being a Monday-morning quarterback, in retrospect, had OPM been using two-factor authentications, encryption rest, and had they had log files, we would have a much different situation than perhaps we ended up having,” Wood said.
