By Ron Daly
Today, anyone with an Internet connection (and that’s pretty much everyone) is worried about identity theft, hackers and ransomware, and with good reason. Following a Reuters report in May, the Federal Reserve announced it had detected more than 50 breaches of its computer systems between 2011 and 2015, while denying that any critical operations were affected.
Meanwhile, the Fed issued more guidance on assuring adequate levels of security at financial institutions. And more recently, the OIG said it is auditing current exam processes to see if they accurately assess whether institutions are meeting those guidelines.
No wonder this issue is at the forefront: Attacks keep growing in frequency and sophistication. According to the 2016 Global State of Information Security Survey, 38% more security incidents were spotted in 2015 than in the previous year. But while employee errors were cited as the most common cause of broken defenses, business partners were responsible for 22% of the incidents. Verizon’s 2015 Data Breach Investigations Report found that some 70% of cyberattacks involve a combination of phishing and hacking techniques. And that’s enough to keep your whole IT team up at night.
Best Line of Defense
Being under attack is nothing new to the financial industry. From Jesse James’ bank robberies to today’s infamous Albert Gonzalez (who hacked into 170 million credit card and ATM account numbers over a two-year period), we know the importance of strong lines of defense. So, how do we accomplish it?
Lately, I’ve been hearing experts toss around a military term when talking about safeguarding their systems – “defense in depth.” The principle is that an enemy will find it harder to conquer multiple layers of defense than a single impediment. For information security, that means having several layers of controls throughout your system. One reason it’s been a successful strategy is that having additional defenses may well cause hackers to move on and search for an easier target. For another, if a cyber thief is successful at penetrating one line of defense, there are more fortifications to protect the data.
For financial institutions’ security, a defense-in-depth strategy might encompass firewalls, anti-virus and anti-spyware programs, strong passwords, biometric confirmation, and intrusion detection, as well as regular staff awareness training on phishing and social-engineering tactics. That’s in addition to physical protections for facilities, like detectors for skimming devices and key-card ID requirements for personnel and vendors.
Time for Reinforcements
But as attacks grow in both number and sophistication, financial institutions and other high-security-risk industries are finding themselves reacting to the latest types of threats, which starts to feel like locking the barn door after the horse was stolen. So, isn’t it time for a new approach? One that wouldn’t allow cybercriminals to pull data from your systems, even if they penetrated your defenses?
With regulators stepping up their oversight of security procedures, it’s time to ensure your fortifications are as strong as possible. At Virtual StrongBox, we provide client credit unions our patented end-to-end encryption process – the highest level of protection for your members’ personally identifiable information. Because data is converted by complicated algorithms into unreadable data packets, it would be nonsensical to even the most skilled hacker.
Data breaches are not only frustrating, even scary; they are also expensive. The latest Cost of Data Breach Study by IBM Security found the average price tag for each lost or stolen record was $158. Providing multiple layers of defense is well worth the effort and resources involved.
Cybercrime is a lucrative business, and I haven’t read one report predicting that these attacks will drop off in the coming years. Our credit union community needs to be armed and ready, with multiple layers of defense and with encryption as your best line of defense.
Ron Daly is President/CEO of Virtual StrongBox, Inc., a secure, end-to-end customer engagement platform that can be integrated into various workflow processes to provide high-risk Enterprise IT firms the data protection needed to enable the consumerization of IT in the cloud. For more information, visit www.virtualstrongbox.com.