Kroll information security expert Brian Lapidus is among a select group of experts featured in a new report by Longitude Research and SAS on cyber threats in banking. Released on October 23, “Cyberrisk in Banking” examines cyber risk in financial services: the industry’s greatest cyber vulnerabilities and opportunities, with the ultimate goal of elevating what has traditionally been considered an IT issue to a risk management one. The study is based on a survey of 250 respondents in the financial services sector (55 percent in retail banking and 45 percent in commercial banking), who have influence on, or knowledge relating to, their organization’s cyber security risks and responses. In general, the study found that awareness levels and preparedness strategies are not sophisticated enough to keep up with the evolving threats to the industry. When asked what they see as their organization’s primary challenges in dealing with cyber security in the coming two years, respondents point to technology limitations (cited by 39 percent) and difficulties in keeping pace with rapidly changing cyberrisks (38 percent). “There is definitely a learning curve in keeping up with the latest threats as they are constantly evolving and changing,” said Brian Lapidus, senior vice president at Kroll. “There is never enough customer awareness and there are lots of evolving methods, particularly social media.”
Earlier this month, CNET ran an article entitled “How to respond to a data-breach notification,” a topic that is obviously near and dear to Kroll, and one that typically does not get its due. We’ve written about the consumer’s reaction to breach notification letters before, and how companies need to take this into consideration when crafting the letter.
Many articles focus on various issues surrounding the act of notification itself – the “quality” of the apology from the company, the fact that many consumers ignore the letters for various reasons, and whether or not credit monitoring is offered. But notification is a lot more complex and confusing from the consumer’s viewpoint than these seemingly disengaged conversations would imply.
Consumer credit freezes are a great idea for identity theft victims, just not great advice in response to a data breach
The recent California Attorney General report on data breaches in 2012 not only shed light on the specifics of the breaches that occurred in the state last year, it also offered advice to breached organizations that must comply with breach notification laws. One interesting piece of advice was this: “Companies and agencies should offer mitigation products or provide information on security freezes to victims of breaches involving Social Security numbers or driver’s license numbers.” The report goes on to say that these losses expose consumers to new account fraud, an increasingly common crime, and that credit monitoring and freezes can limit this risk to consumers.
This month, California Attorney General Kamala D. Harris released an analysis of the 131 data breaches reported to her office by 103 companies, revealing that 2.5 million people — roughly 6.5 percent of the state’s population — were put at risk in 2012. Each of the 131 incidents affected more than 500 California residents, with the average (mean) breach incident involving 22,500 individuals. Median breach size was 2,500 affected, and there were five breaches that exposed information for 100,000 or more.
Consumer Federation of America follow-up with identity theft services reveals how far the industry has come – and how far it still has to go
Earlier this month, the Consumer Federation of America (CFA) issued a press release concerning its reexamination and follow-up with several identity theft services that were analyzed in the 2012 report, Best Practices for Identity Theft Services: How are Services Measuring Up? The original report analyzed how well identity theft services communicated key information to potential customers on their websites and through marketing materials. This follow-up analyzed how responsive the service providers have been in making changes based upon the CFA recommendations for best practices.