Cyber-attacks on the financial industry are happening more frequently at an alarming rate of 300 times more in comparison with other industries (Thomas, 2019). In preparation for the annual 3-day security meeting with Padgett-Beale Inc. (PBI), a background paper has been created to highlight the cybercriminal activity that may pose a threat to PBIâ€™s business model. To perform the analysis of the potential threats, the CISO collected data from recent events that have negatively impacted the financial services industry. One current event of particular interest that will be highlighted in this paper is the Capital One Breach that occurred on 22-23, March 2019.
Per the Capital One 2019 Facts security report update for its recent cyber incident: â€œOn July 19, 2019, we determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers and individuals who had applied for our credit card productsâ€ (Capital One, 2019). Furthermore, it goes on to state that this attack impacted more than 100 million individuals exposing â€œaddresses, phone numbers, and dates of birth, along with 140,000 Social Security numbers, 80,000 bank account numbers, credit scores, and transaction dataâ€ (CISO MAG, 2019). This attack was one of the most prominent attacks in recent history that could have been ultimately prevented if their firewall had been configured correctly according to security analysts (Thomas, 2019).
Per the CISO MAG (2019), the FBI charged a suspect, â€œPaige A. Thompson, with computer fraud and abuse. Thompson, who went by the hacker name â€˜erraticâ€™, allegedly exploited a misconfigured firewall to access the Capital One cloud repository and exfiltrate the data in March 2019â€. As a result, Capital One sent out notices to all of its customers that were impacted by the security breach. Furthermore, the bank offered free credit monitoring and identity protection for all individuals that had their Social Security numbers and/or bank account numbers exposed (Capital One, 2019). There is no known or clear motive for her reasons for exploiting a server vulnerability and stealing Capital Oneâ€™s customer data.
Should the company take actions or develop strategies to protect itself from similar crimes? What are your recommendations in this regard?
In response to the growing threats faced by the Financial Services Industry, PBI must be prepared to protect its digital assets from cyber-attack or other compromise. First, the M&A must continue its â€œdue diligenceâ€ as evidenced in the Risk assessment, subsequent, Gap Analysis, and the development of a Cybersecurity Strategy. Compiling the data from the tools aforementioned will aid PBI in identifying security vulnerabilities and risk mitigation strategies to eliminate or reduce the risk to an acceptable level. Failing to do so, can open the company up to lawsuits, reputation damage and substantial cleanup costs. Furthermore, due to PBI-FS’s limited nature of experience in the Financial Industry, special care needs to be taken to address the impact a breach would have on its operations by , at a minimum, conducting a Business Impact Analysis (BIA).
In closing, the writing is on the wall and PBI-FS has been put on notice of impending attempts to compromise its security based on recent statistics and trends. As a new formed financial services division, they are a prime target for cyber criminals looking for an easy hit. Developing a Cybersecurity Strategy and Implementation plan will steer the team in the right direction. Likewise, PBI-FS must be extraordinarily vigilant in performing its â€œdue diligenceâ€ in all aspects of its business model. Finally, by adopting the â€œbest practicesâ€/frameworks to harden their security posture against the looming threats, PBI-FS can avoid being a victim like Capital One.
Capital One. (2019). Information on the capital one cyber incident. Retrieved from https://www.capitalone.com/facts2019/
CISO MAG. (2019). CISO mag rewind: biggest financial data breaches of 2019. Retrieved from https://www.cisomag.com/ciso-mag-rewind-biggest-fi…
Thomas, B. (2019). Financial data breaches 2019: capital one, first american, desjardins, more. Retrieved from https://www.bitsight.com/blog/financial-data-breac…