How Hillary Clinton's Sensitive Email Problem Might Have Been Avoided
All of Target's security protections sent out high-priority alarms as soon as the malware and the data breach were detected. The hackers left a broad trail behind them, including files containing the stolen credit card numbers and indications as to who and where the hackers were. The Target breach could have been stopped at any time before the data was removed from the network. Yet nothing was done. Apparently Target's security staff ignored the warnings and took no measures of any kind. The staff even turned off functions within the FireEye security system that would have removed the malware automatically.
While the turn of events could raise serious questions about the Target staff, the reality appears to be that they simply didn't know what to do. This also seems to be the case with the OPM breach. Although OPM was chronically underfunded, there were some basic security moves that its IT staff could have made, if only they had thought to do so. In that case, simply following good security practices would have cost nothing, but doing so did require thought and effort, which do not appear to have been present at OPM.
Of course, these are not the only instances in which human factors were a primary cause of a breach. They just happen to be two of which most people have heard. But as Target demonstrated clearly, buying the right products does you no good if you're too dumb or too untrained or too unmotivated to use them. And as OPM demonstrated, you don't need to have a ton of money to take appropriate security steps; you simply have to decide to take them.
While the people at Secure Islands appear to have built an effective, easy-to-use solution for keeping email secure, that alone won't solve problems for organizations that will not or cannot use it. The first step in security has to be a desire to secure your data. Unfortunately, there's no product in the world that can implement that desire.
Likewise, securing the former secretary of state's ad hoc email system was possible, and might have prevented much of the questioning that's going on now. But that would only work in the presence of a desire for a properly secure system in the first place.