No more hitting the snooze on breaches
Equifax should be your bank’s final wakeup call
- |
- Written by Dan Fisher
- |
- Comments: DISQUS_COMMENTS
Obvious and mediocre won’t be found here—but “Why didn’t I think of that?” will! Challenging the banking status quo is Dan Fisher’s personal mission.
It’s not just a warning anymore! It’s much more!
Equifax has added itself to the growing list of companies that have disclosed a data breach of the magnitude that ten years ago we thought impossible…
And for the last ten years many companies like Equifax continued to think that it was not possible!
That is the essence of the problem.
They are coming for you … or worse
Senior executives, managers, and owners in thousands of companies, financial institutions, banks, credit unions, data processors, hospitals, and even fast food restaurants continue to operate under the assumption that they will not be attacked—or that they are not vulnerable.
In July of 2015, our firm produced a second-edition research report titled Data Breach Events. This report summarized the data breach events that had impacted domestic consumers. At that time, we estimated that the impacted number was 280 million individuals, or 81% of the U.S. population. It should be noted that this was a cumulative total over a two-year period.
The Federal Trade Commission published in a Sept. 8 blog a “What to Do” piece and they estimated that 143 million individuals were impacted by the Equifax breach alone.
Shocking numbers from Equifax breach
The Equifax breach in raw numbers is staggering. Almost half of the U.S. population in one event. Statistically, in the context of time and total numbers, the same individuals being impacted more than once. This is not good!
Of course, the standard response from the victim of the breach is to apologize and offer free identity theft insurance for a year, but, quite frankly, that is not enough.
The free monitoring should be for life because this information can lay dormant in the hands of the perpetrator for years before it is used.
Time for industry to be responsible
The common thread to all of this has to do with vigilance!
Those responsible for caring for non-public data have not taken their role seriously. The numbers do not lie!
Hundreds of millions of consumers and businesses have been compromised due to carelessness, and this is not acceptable. Period.
These events are occurring far too frequently, and we need to do something about it. Your customers are depending on you!
What your bank should be doing
The first thing you can do is to make information security a top priority in your organization and not a second thought or collateral function.
• Commit to re-doubling your efforts in regard to your key vendors and how they store and protect your information. This approach should also be applied internally regarding how you store information within your enterprise.
• Review the FFIEC IT Handbook on Information Security and re-assess all key vendor relationships over the next 120 days. Raise your standards and choose only those vendors that are open-minded, responsible, and willing to work with you to satisfy your concerns, and that are capable of demonstrating that they are being vigilant.
Don’t let your customer data become part of the growing data breach statistics. The alarming trend should convey to you that it is no longer a warning anymore as much as it is a matter of time!
Be ready for your institution and your customer.
The Wombat!
