Home > Articles, Blogs, Techie Tips > What You Can Learn from the White House Security Breach

What You Can Learn from the White House Security Breach

Lately, the news has been plastered with stories about high-profile cyber security breaches. One cannot help but reflect on the threats facing his organization when news like this comes up. In recent weeks, the organization that fell prey to cyber attacks was perhaps one of the highest-profile targets of all: the White House.

Too many businesses and organizations simply assume that they are immune from cyber attacks. Small and mid-sized businesses may assume they are too small to draw the interest of hackers, while larger organizations may assume that the defenses they already have in place are impregnable. Both assumptions are dangerous ones to make. If the news about the recent White House hack has taught us anything, it’s that anyone can fall victim to an attack, and that there’s no such thing as an organization that’s completely safe from hacking. Read on for more lessons from the attack.

What You Can Learn from White House Security Breach

1. Be Ready to Respond Quickly to Threats

An important lesson in cyber security is that you have to take control where you can, to combat the things you can’t control. The cyber security team charged with protecting the White House networks isn’t able to control potential threats to the government of the United States, and they can’t always predict the very sophisticated methods those malicious actors use in order to execute their attacks.

However, they are able to control the speed at which they respond once an attack is detected, and all indications show that this time, they responded immediately. As a result, they were able to prevent any major damage to the system, and keep service disruptions to a minimum. The lesson: trying to prevent breaches is an admirable goal, but you can’t pursue it exclusively. It’s important to also consider how your organization would respond when a breach does occur.

2. Prioritize Your Security Resources to Keep Your Most Important Data and Assets Safe

Just like it’s not possible to prevent 100 percent of attacks from occurring, it’s also not possible to keep 100 percent of data and assets safe in the event of an attack. It’s important to note that the White House breach occurred on the unclassified network, while reports indicate that the classified network was not affected by the breach.

The lesson here is that every organization has data that they’d like to be able to protect, and data that they absolutely must protect at all costs, and they must prioritize accordingly. In the White House’s case, they were able to keep data on the classified network safe because they prioritized their security resources specifically to protect that network. By doing the same, your organization can limit the damage caused by a breach.

3. Cyber Security is a Team Effort

For a large, complex organization like the United States government, it only stands to reason that the response to a security incident would involve multiple stakeholders. Reports indicate that the FBI, Secret Service, and National Security Agency have all played an important role in responding to the attacks. It's also noteworthy that the breach was first brought to the attention of the White House by an ally, and not by a member of their own staff. Finally, responding to the attacks involved the individual users of the network, who were required to do things like change passwords in order to limit the extent of the damage caused by the breach.

The lesson is that everyone must play a role in keeping an organization safe, not just a few top security professionals. Take the time to make sure that you have security procedures in place for employees, and that all employees know how to execute the procedures in the event of a breach.

Aventis Systems understands how important data security is for an organization. To learn more about data security threats to small and mid-sized businesses, download our whitepaper today. Contact us with any concerns or questions about your organization’s security needs.