In my last blog I discussed the Epsilon breach which affected a large number of customers including banks and many others. The latest breach for Sony Playstation gamers was not specific to banking but was of significant nature and can only affect online bank customers if they were careless enough to use the same usernames and passwords that they use with their banks (yes people do that).
The point is that breaches can come from outside the bank through its partners, vendors and relationships. Banks are required to do significant due diligence to ensure a potential partner has best practices in security which is critical. Coming from someone who has done a lot of due diligence on companies over the years it is difficult to get a true deep picture of a company's security posture. Small details can make a big difference. Also, many times there are simply not that many partners who have the capability you are looking for which limits your options.
Epsilon is a good example. Since they were used by many big banks and other large companies you can assume that a lot of due diligence was done before contracts were signed. Yet there was still a compromise. So this is definitely an achilles heel for bank security.
One final point of interest, a recent article from pc pro (link at end of blog) states that the FBI has tied back recent hack attempts of $20M back to China. Once again from experience I can tell you that hacking comes from all over the world but this does not surprise me because China hack attempts far exceeded all others by a large magnitude making the term "Made In China" take on new meaning.
As I have said before the best security comes from you and your habits but it is important to make sure that your bank uses geo-location risk based assessment with out of band authentication protection. You think it would be required but its not yet. If your bank does not and you use online banking, find another bank.
PC Pro Article
No comments:
Post a Comment