Department of Justice Investigates Data Breach of Court Records System

July 29, 2022

Tim Marley, VP for Audit, Risk, and Compliance at Cerberus Sentinel, comments in Security Magazine, SiliconANGLE, and CyberWire on the data breach involving the Department of Justice federal court records system.

“The impacts, in this case, are particularly challenging to measure. It isn’t a simple matter of lost credit card data, health information or other personal data.”

“Again, with impacts this significant, it’s difficult to understand why stronger preventative measures weren’t already in place.”

“We’ve learned to measure risk by examining threats, vulnerabilities and the potential impact to our assets, including systems and data.”

“When you look at the ‘startling breadth and scope’ of the breach and the references to adversaries including Russia and China, it does make you question whether anyone evaluated the risk associated with this system ahead of time. If the risks were adequately identified and scored, then what sort of decision was made in response?”

“According to the statement by the US Courts system in 2021, the breach was tied directly to the SolarWinds compromise. We’re seeing situations like these far too often. We depend on the services and products of third parties to manage our information systems in today’s environment. It is still our responsibility to ensure that these products and services are secure. Further, we need to have a response plan for when those products and services fail to meet our expectations.

“A mature Third-Party Risk Management (TPRM) program requires that we assess those vendors that could directly impact the confidentiality, integrity or availability of our systems and data. These assessments should be conducted prior to engaging with a new vendor and no less than annually for existing vendors. Over the last few years, we’ve observed significant growth and demand in the third-party audit and/or certification market. Service providers are voluntarily pursuing third-party attestation to appease their client base and maintain a mature security program.”
