Data breach “horror” stories have become a new staple in today’s business environment. The frequency of attacks which threaten (or compromise) the security of business networks and information systems continually increases.
Wells Fargo accidentally leaked thousands of sensitive documents, but not in the sophisticated way such incidents are often portrayed in the media. The bank wasn’t hacked, and its computers weren’t encrypted by ransomware.
A lawyer representing Wells Fargo in a lawsuit now has to explain how she inadvertently turned over confidential information about thousands of bank clients. She sent 1.4 gigabytes of files to a former financial adviser who subpoenaed the company as part of a lawsuit against one of its current employees. The data set includes at least 50,000 customers’ names, Social Security numbers and sensitive financial information, according to The New York Times, which confirmed the contents of the documents. The affected clients are some of Wells Fargo’s wealthiest, with investment portfolios worth tens of billions of dollars.
Will the NJ-based law firm have potential liability exposure to its lawyers?
Only time will tell.
Judges in New York and New Jersey have issued orders barring further release of the documents, requiring the plaintiff to delete any document copies, and requiring the plaintiff to give the digital file to the court for safekeeping.
For nearly two decades, I have been assisting businesses of all sizes dealing with ESI (Electronically Stored Information) being misappropriated, lost, stolen, or spoliated. Over 50% of the cases deal with theft of trade secrets, restrictive covenants and non-competes, spoliation and, within the past decade, data breaches.
Seventy-four percent of organizations felt vulnerable to insider threats, while almost half of surveyed security professionals said that insider risks had increased in the past year, resulting in greater rates of stolen data and security breaches. (Source: a recent industry study by Delta Risk.)
The business sector continues to have the highest percentage of total breaches reported — 54.7 percent at the six-month mark.
NOTE: I SAID REPORTED!
MUCH OF WHAT IS IN THE MEDIA, AND WHAT IS KNOWN, IS ONLY A SMALL PERCENTAGE OF CASES REPORTED.
Although data security and breach response are constantly in the headlines, studies demonstrate that organizations remain unprepared to effectively respond to a data breach.
Is your organization ready?
Business leaders need to take a different approach and peel the bandages off from the past and identify what and where their “crown jewels” are. Information security has, by necessity, changed a lot from a strategic perspective. Back in the day, tall walls and clever architecture were all we needed to keep criminals out… Castles emerged in Europe in the Medieval period during the 10th century, built to provide protection from enemies. Later, castles became status-symbol residences for monarchs and royalty (the crown jewels). The weakest part of the castle’s defenses was the entrance. To secure access to the castle, drawbridges, ditches and moats provided physical barriers to entry.
It’s no longer good enough to ensure end-to-end protection within the walls of your enterprise.
In the case of Wells Fargo and their outside law firm, this should serve as a wake-up call about third parties, any one of whom could cause real financial and reputational damage if compromised.
So why are firms not spending more time focusing on understanding what and where the sensitive data is?
Throwing Money at Cyber Security is NOT the Answer.
Before spending a penny, or a dollar, more on any technology, one must ask:
Have we got the basics right?
It’s often the basic hygiene, the basic controls, that are overlooked in the search for a panacea that does not exist. Most security breaches can be prevented by having layered cyber security controls throughout the enterprise. However, most organizations are spending a large amount of money protecting their perimeter from the hacker hooligans. While that is necessary, a targeted attack is often unstoppable. Meaning, if your firm is targeted by a hacker or a hacking organization, no matter how secure your perimeter is, most security experts will confirm that there is nothing you can do to prevent it from happening.
For years, I’ve been saying “People are the weakest link”. Conversely, they are also the best front line of defense to prevent or detect a possible cyber incident.
Unfortunately, Cyber ignorance or “cyber fatigue” has set in.
As stated earlier, most organizations are building defenses around the castle but don’t have good controls around the data in their business, which is the most vulnerable.
Please feel free to contact me for a fixed fee “Ethical Hacking” assessment or if I can be of any assistance to you.
Digital4nx Group, Ltd. provides Digital Forensic Investigations, Electronic Discovery Consulting and Advisory Service, Incident Response to Data Breaches and Cyber Security services such as “Ethical Hacking”.