Fintech Today
  • About
  • Banking
  • Insurance
  • Resources
    • COVID-19
Subscribe
No Result
View All Result
  • Digital Transformation
  • Customer Experience
  • Cybersecurity & Risk
  • Regulation & Compliance
  • Claims Management
Fintech Today
  • Digital Transformation
  • Customer Experience
  • Cybersecurity & Risk
  • Regulation & Compliance
  • Claims Management
No Result
View All Result
Fintech Today
No Result
View All Result
Home Banking

Response is Everything When it Comes to Data Breaches

by Mark Katz
October 31, 2017
in Banking
Reading Time: 4 mins read
A A
Share on FacebookShare on Twitter

National Cyber Security Awareness MonthNothing instills fear into C-level executives and boards like data breaches. Equifax is the most recent example, pointing to assorted vulnerabilities either on the “human component” or on the infrastructure side. The sobering news is, regardless of what the level of security measures a firm has in place, there will ultimately be a breach. I don’t mean to be a “Debbie Downer” here, but response is everything.

JPMorgan, Sony, Home Depot, and Target have all unfortunately been on the receiving end with real fallout.  One consequence, of course, is that CIOs and CISOs lose their jobs, with the firms left hoping  that the next C-level can protect it. Groundhog Day. On the surface, that at least mitigates further headline risk. However, with data security, there are too many variables, and too much can go wrong despite the best planning efforts of any CISO or CIO. Firms can be confronted with their prized data assets being breached, or worse, subtly manipulated.  And the challenge is that some of these attacks lie in wait on the host for months, making those almost “undetectable” changes to the data. Try doing Machine Learning, AI, or predictive analytics when the data has been “slightly manipulated.” Finally, the resulting headlines can affect a firm’s reputation, which erodes trust, ultimately affecting share price.

There is both a dollar and concomitant reputational risk associated with data breaches. The total annual cost is roughly $80 billion to all organizations globally. And according to IDC, the worldwide spend on cybersecurity will reach $100 Billion by 2020. Organizations are trying to figure out a great way to deploy those assets, but most of the efforts are on network security, and not data security. The dollars are deployed the wrong way. This is where it is worthwhile to employ an outside security firm to:

  1. Assess the organization’s overall risk
  2. Work with an outside firm/vendor to develop a strategy for each security component
  3. Eventually develop a rapid response to breach
  4. Develop a strategy for continuous improvement

Firms are scrambling for tighter controls, better tools, and maybe some Hail Mary’s. These approaches are necessary, but not sufficient (except for the Hail Mary’s, that can sometimes work). Do firewalls save the day?  Can bespoke security rules for each platform or application, with developers embedding their own security measures, keep the wolves at bay? The resounding answer is no. Firms need to be prepared with robust response plans in addition to best practices around security measures. Response readiness greatly mitigates overall risk, and can bring a firm back to operational robustness in less time.   Response plans have a lot in common with BCDR plans, in that there has to be tight integration and understanding of risk with the business. In fact, the response plan should be tied into the BCDR plans if done correctly (get breached, what are your Recovery Time and Recovery Point Objectives?)

Response plans don’t work in isolation. There are other steps that are a necessary part of the process including Security Governance, Data Loss Preventions, BCDR (data backup with RTO and RPO objectives), Training the Human (big lift), Policies and Procedures that are fully vetted and understood within the organization, and Software and Hardware Hygiene (software and firmware updates as recommended).

Since breaches will happen, the response plan does indeed need to be robust with as many scenarios considered as possible. And those scenarios and responses need to be communicated and understood by the C-levels and the board. Like the Boy Scouts urge, always be prepared.

 

 

Tags: CIOcybersecuritydata breachdata securityEquifaxMark Katz

RELATED POSTS

Contributed Articles

Cybercrime and Cyber Risk: Strategies for Protecting Your Organization

February 2, 2023
Minimizing Phishing for Financial Services Institutions with Enhanced Email Security
Banking

Minimizing Phishing for Financial Services Institutions with Enhanced Email Security

November 8, 2022
With a Virtual CISO, Financial Services Institutions Can Upgrade Their Security Posture
Banking

With a Virtual CISO, Financial Services Institutions Can Upgrade Their Security Posture

October 27, 2022

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

TRENDING NOW

  • Cybercrime and Cyber Risk: Strategies for Protecting Your Organization

    503 shares
    Share 201 Tweet 126
  • What 2023 Means for Commercial Construction Lending

    515 shares
    Share 206 Tweet 129
  • Arizona’s Motor Vehicles Department (MVD) Makes Payment Offerings More Accessible

    657 shares
    Share 263 Tweet 164
  • AI in Financial Services: Where Does Ethics Fit In?

    553 shares
    Share 221 Tweet 138
  • Matching Buyers and Sellers in M&A

    540 shares
    Share 216 Tweet 135

CONNECT WITH US

Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner

BECOME AN INSIDER

Get Financial Technology Today news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Future Healthcare Today
Government Technology Insider
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Financial Technology Today offers content and advertising sponsorships to leading technology solution and service providers. Interested in becoming a sponsor? Contact us!

© 2023 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About
  • Banking
  • Insurance
  • Categories
    • Digital Transformation
    • Customer Experience
    • Cybersecurity & Risk
    • Regulation & Compliance
    • Claims Management
  • Contact Us