Safeguarding Data from Politically Motivated BreachesSecurity Expert Sean Curran on Protecting High-Profile Targets
The recent hacker attack targeting the drug records of Olympic athletes, as well as other breaches involving high-profile targets, highlight the challenges involved in protecting sensitive data from external attackers or malicious insiders driven by political and other causes, says security expert Sean Curran.
On Sept. 13, the World Anti-Doping Agency, which organizes drug testing schedules for athletes, confirmed that it was among the latest organizations allegedly attacked by what appears to be a group of Russian hackers known as Fancy Bear.
That leak of several U.S. Olympic athletes' drug testing results adds to what's been an unprecedented run of high-profile hacks with seeming political intent that have come to light in the past three months, starting with the attack against the Democratic National Committee.
The DNC's internal emails, also believed to have been compromised by Fancy Bear, were passed to WikiLeaks, causing a scandal within the Democratic Party and leading to the resignation of DNC Chair Debbie Wasserman Schultz. Other Democratic Party organizations were also hacked, including Hillary Clinton's campaign team.
Keeping Tabs on Data
All organizations need to better understand the potential value of all the data they collect - including sensitive information pertaining to high-profile individuals, says Curran, a director in the security and infrastructure practice at the consulting firm West Monroe Partners, in an interview with Information Security Media Group.
"Make sure you understand everywhere [that data] is located," he stresses. "The big challenge we see with most organizations is the data they were collecting 10 years ago and stored in one major system is now being replicated to other locations and other components of their business. So minimizing that replication and minimizing the locations where it's stored helps to reduce the likelihood of it being compromised."
In the interview, Curran also discusses:
- Steps that can help reduce the risk of sensitive information being compromised by breaches;
- Lessons from the recent hack attack on WADA;
- Why more breaches of sensitive information about celebrities are likely.
At the business and technology consultancy West Monroe Partners, Curran is a director in its security and infrastructure practice, based in Chicago. He has more than 20 years of business consulting and large-scale infrastructure experience across a range of industries and IT domains. Prior to joining West Monroe Partners in 2014, Curran led Protiviti's central region IT security and privacy practice. Before that, he had roles at the National Australia Bank and Lucent Technologies.