Read more about: Data breach at your agency? Better report it and get it over with

Agency tech staffs must, by law and regulation, report cybersecurity breaches. But some industry surveys show that organizations do not always report breaches, because who wants their own head to roll? For some insight on the whole notion of compliance, Federal Drive with Tom Temin spoke with Igor Volovich, the Vice President for Compliance Strategy at Qmulos.


Tom Temin There have been surveys out by some of the companies and I think Bitdefender that showed that a large portion of IT executives feel that they are urged by their organizations to not report security breaches and just kind of bury them. What’s your sense of whether this even happens in the federal sector or not?


Igor Volovich Well, I think we’ve seen some of this recently. We saw the infamous case of Rocketdyne Aerojet, that actually had a whistleblower come out and say, well, we were actually told to conceal the fact that we’re not compliant. And for a number of years when they were executing out of their federal contract, they were claiming to be compliant with cybersecurity regulations and standards, and they weren’t, right? So the rockets flew, the company got paid, and yet they were basically not performing on their federal contract and the whistleblower exposed it. So there are a couple of ways that this comes to light, typically. Yes, whistleblowers. And the other one, well, you got breached. So, yes, you can conceal one breach, but not all of them. And as environments get breached all the time, it’s unlikely that you can keep that game up forever.

Tom Temin Because in the great OPM breach o ..
