critique discussion post below half page th

Cyber-attacks on the financial industry are happening more frequently at an alarming rate of 300 times more in comparison with other industries (Thomas, 2019). In preparation for the annual 3-day security meeting with Padgett-Beale Inc. (PBI), a background paper has been created to highlight the cybercriminal activity that may pose a threat to PBI’s business model. To perform the analysis of the potential threats, the CISO collected data from recent events that have negatively impacted the financial services industry. One current event of particular interest that will be highlighted in this paper is the Capital One Breach that occurred on 22-23, March 2019.

Analysis

Per the Capital One 2019 Facts security report update for its recent cyber incident: “On July 19, 2019, we determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers and individuals who had applied for our credit card products” (Capital One, 2019). Furthermore, it goes on to state that this attack impacted more than 100 million individuals exposing “addresses, phone numbers, and dates of birth, along with 140,000 Social Security numbers, 80,000 bank account numbers, credit scores, and transaction data” (CISO MAG, 2019). This attack was one of the most prominent attacks in recent history that could have been ultimately prevented if their firewall had been configured correctly according to security analysts (Thomas, 2019).

Per the CISO MAG (2019), the FBI charged a suspect, “Paige A. Thompson, with computer fraud and abuse. Thompson, who went by the hacker name ‘erratic’, allegedly exploited a misconfigured firewall to access the Capital One cloud repository and exfiltrate the data in March 2019”. As a result, Capital One sent out notices to all of its customers that were impacted by the security breach. Furthermore, the bank offered free credit monitoring and identity protection for all individuals that had their Social Security numbers and/or bank account numbers exposed (Capital One, 2019). There is no known or clear motive for her reasons for exploiting a server vulnerability and stealing Capital One’s customer data.

Should the company take actions or develop strategies to protect itself from similar crimes? What are your recommendations in this regard?

In response to the growing threats faced by the Financial Services Industry, PBI must be prepared to protect its digital assets from cyber-attack or other compromise. First, the M&A must continue its “due diligence” as evidenced in the Risk assessment, subsequent, Gap Analysis, and the development of a Cybersecurity Strategy. Compiling the data from the tools aforementioned will aid PBI in identifying security vulnerabilities and risk mitigation strategies to eliminate or reduce the risk to an acceptable level. Failing to do so, can open the company up to lawsuits, reputation damage and substantial cleanup costs. Furthermore, due to PBI-FS’s limited nature of experience in the Financial Industry, special care needs to be taken to address the impact a breach would have on its operations by , at a minimum, conducting a Business Impact Analysis (BIA).

Closing

In closing, the writing is on the wall and PBI-FS has been put on notice of impending attempts to compromise its security based on recent statistics and trends. As a new formed financial services division, they are a prime target for cyber criminals looking for an easy hit. Developing a Cybersecurity Strategy and Implementation plan will steer the team in the right direction. Likewise, PBI-FS must be extraordinarily vigilant in performing its “due diligence” in all aspects of its business model. Finally, by adopting the “best practices”/frameworks to harden their security posture against the looming threats, PBI-FS can avoid being a victim like Capital One.

Capital One. (2019). Information on the capital one cyber incident. Retrieved from https://www.capitalone.com/facts2019/

CISO MAG. (2019). CISO mag rewind: biggest financial data breaches of 2019. Retrieved from https://www.cisomag.com/ciso-mag-rewind-biggest-fi…

Thomas, B. (2019). Financial data breaches 2019: capital one, first american, desjardins, more. Retrieved from https://www.bitsight.com/blog/financial-data-breac…