Follow-on From RSA, And Retaliation On Tap?
When I initially came across the story of the Lockheed Martin breach, my first instinct was that this was the first such episode I'd heard of that had been handled swiftly, with proper safeguards, and that it would likely spare the breached entity more news time than was warranted - at least at such an early stage. I even stated so on Twitter.
Well, the media loves a juicy story and can't often resist the temptation to speculate, and since last week's initial report of the breach, more stories have turned up speculating on the nature and potential common thread of the breach. Apparently, we ain't seen nothing yet, as the saying goes. However, what has me most interested is the news coming out of the Pentagon about how the US Government plans to begin responding to such attacks, with its allies (hopefully) in tow. Identifying said actors and walking the diplomatic tightrope of acting in turn against these individuals (especially since the data compromised is not identified or its uses made clear until well after a breach) should prove to be a challenge for the US government for some time to come.
What's the lesson? The best defenses for any organization are keeping an updated risk profile in hand, identifying the critical data that is likely to be compromised and the resulting risk of its compromise, and having a detailed response plan in place. Only time will tell what the true extent of the Lockheed breach is, and whether the RSA breach that preceded it was, in some ways, a red herring and the true, targeted attacks are yet to come. Now might be a good time to review RBAC policies and standards. It's certainly the right time to be thinking about breaches, regardless of your industry, and especially if you're relying on someone else to secure your data.
How well protected do you feel in light of news of Lockheed's breach? More, less, or has it simply amplified calls for protection inside your company?
