Managed Services Can Help Prevent Data Breaches
Cybersecurity experts say the recent Capital One data breach of more than 100 million customers’ data was long overdue. The breach, which Capital One says it discovered July 19 and made public July 29, is one of the first major cybersecurity incidents to affect a top banking institution. (Similar incidents have affected other industries, including financial services, hospitality, entertainment and retail.)
According to Capital One, the alleged culprit, 33-year-old former Amazon software engineer Paige A. Thompson, reportedly accessed about 140,000 Social Security numbers and 80,000 bank account numbers from credit card customers. She also allegedly stole names, addresses, phone numbers, email addresses, dates of birth and self-reported income for credit card applicants. All of this data was stored on Amazon’s cloud, and she accessed it through a poorly configured firewall, investigators reported. Capital One said it expects to spend up to $150 million to cover costs associated with the breach—including customer notifications and free credit monitoring services.
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Richard Fairbank, Capital One chairman and CEO, said in a statement on the company’s website. “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”
Imagine an organization having to put out a statement like this to shareholders and customers, let alone come up with $150 million for recovery efforts. It’s a highly unfortunate situation far too many organizations find themselves in.
Although a majority of breaches probably won’t be as large as the one affecting Capital One, recent data from IBM shows the average breach can still take a nasty toll. IBM’s findings show the average cost of a data breach in the U.S. is estimated to be $8.19 million.
Hackers do not discriminate
“We believe any firm, regardless of size, must take proper and proven precautions to protect itself, and its customers, from being compromised,” said Baan Alsinawi, president and founder of TalaTek. “Simply having a cybersecurity plan in place has never been enough. Firms should seek outside assistance from industry experts that truly put an institution’s cyber strength to the test.”
At TalaTek, recommended solutions include Penetration Testing Services and Cyber Threat Hunting Services. Both involve taking a raw look into a firm’s cyber ecosystem and identifying potential vulnerabilities.
Specifically, cyber threat hunting involves proactively examining networks and datasets to discover threats that may evade detection by automated security tools. Cyber threat hunts often employ both automated and manual tools and techniques to identify a compromise before it’s detected by outside actors.
Penetration testing involves conducting authorized simulated attacks on an organization’s system that attempt to identify and exploit vulnerabilities within its environment. Penetration testing services strategically test the effectiveness of the preventive and detective security measures an organization employs to protect its assets and data.
In addition, every firm should follow the latest trends and best practices set forth by cybersecurity experts, regulators and the U.S. government. Every organization has an important duty to serve its customers and stakeholders as best it can. That duty starts with protecting their data.