We all know the negative outcomes of the data breach at the Office of Personnel Management (OPM) and can only hope that there are no more surprises stemming from the hack. Yet, despite the gloom and doom, the attack has delivered some positives and has quickly become a major catalyst for change in how the government approaches cybersecurity. Below are two positives (and more to come), that we’ve been able to identify so far:

IT security threats are getting increasingly sophisticated – zero-day threats, propagating worms, and low-and-slow attacks – each of which defy most detection mechanisms and keep CISOs increasingly on their toes.

According to the Government Accountability Office (GAO), over 25,500 data incidents at federal agencies occurred in 2013 alone. Breaches in 2014 also occurred in highly visible agencies like the White House, State Department and Postal Service just to name a few.  To avoid being on GAO’s 2015 report, agencies need to take a 3-step approach to prevent data breaches:

1. Implement real-time network visibility

IT organizations have never been as well equipped to deal with sophisticated security threats as they are today. But at the same time, IT organizations have never been at greater risk.

Despite putting in place policies, controls, technologies and so on, cyber adversaries have never been in a greater position of strength. According to DLT partner, ForeScout, attackers are increasingly coordinated and have a wealth of resources to draw from, including hacking communities, organized crime, and nation states.

With the recent data breach at OPM, the spotlight has firmly been on federal data breaches and the vulnerabilities that expose sensitive employee and citizen information to would-be hackers.

Back in May, I wrote about the 6 Elements of a Government Insider Threat Program as recommended by a panel of government and industry experts at this year’s Symantec Government Symposium in Washington, D.C.

#1 on the list was educating the workforce.

With fewer resources than the private sector, yet faced with the same threats, the U.S. government is dealing with a complex dilemma. Both the public and government employees demand accountability for data breaches, but few understand the challenges that federal CIOs face – hiring and keeping specialized talent, paying for the hardware and software, and keeping pace with changing political agendas.

Data breach after data breach – attacks on federal IT systems are becoming a regular occurrence. And, as the true scope and impact of the recent cyberattack on OPM’s systems continues to unravel (read our 8 facts about the OPM breach to learn more) – cybersecurity has moved firmly center state as the White House’s number one priority.

In the wake of the recent announcement of a massive data breach at the federal government’s Office of Personnel Management (OPM), blame was quickly laid at the door of state-sponsored Chinese hackers (although U.S. officials fell short of an all-out accusation).

While China denies any involvement, cybersecurity analysts suggest that the breach carried all the hallmarks of a state-sponsored attack, such as evidence of highly organized teams that focus on the same targets, often for years, and outside of regular hours.

Earlier this spring, Symantec released its 2015 Internet Security Threat Report and as you can imagine the findings were pretty scary (if you don’t want to download the entire report, you can read the summary here).