A quick training session after a network breach is a good idea, but the Joint Chiefs of Staff need to apply military practices to solving their phishing problem.
When the offices of the Joint Chiefs of Staff at the Pentagon were hacked three weeks ago, the hackers, who were apparently from Russia, harvested a trove of unclassified but sensitive data.
The hackers launched a phishing attack against one or more people at the JCS and succeeded in at least one case. Fortunately, it wasn’t long before cyber-security systems discovered them in the Pentagon’s unclassified mail system and shut the system down. Shutting the system down limited the damage and ensured that no more information would be extracted until security personnel could determine exactly how the hackers had gotten in and what information they’d taken. They’re still working on that.
Meanwhile, The Wall Street Journal reports that JCS personnel received a one-hour training session on what a phishing attack is and how to avoid one. Such a training session is probably a good thing since it’s important to help the staff understand the problem. But for an organization that’s handling our country’s sensitive national defense information, one has to wonder if that’s all they’re going to get.