Flagstar Bank, a Michigan-based financial services provider and one of the largest banks in the U.S., has disclosed a data breach impacting 1.5 million customers. Cybersecurity breaches continue to grow in both frequency and sophistication for all industries, and the financial sector is particularly vulnerable.
The Flagstar Bank incident is a case-in-point. In relation to the incident, a statement issued by the bank runs:
“Upon learning of the incident, we promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement.”
Looking at this latest cyber-issue to affect the finance sector for Digital Journal is Keith Neilson, Technical Evangelist at CloudSphere.
Neilson notes that consumers need to have confidence in finance institutions to look after the money, as businesses need to have the confidence to invest. This makes any cyberattack troublesome.
As Neilson points out: “Financial institutions are entrusted with large volumes of sensitive customer information and have a responsibility to maintain proper security guardrails. A breach of this scale can impact not only the targeted organization and its customers, but also its business partners.”
The risks from such issues are not only financial, as Neilson notes: “As key targets for malicious actors, a financial institution’s reputation depends largely on its ability to ensure all data remains secure.”
To avoid these issues, a robust security framework and strategy is needed. Here Neilson explains: “This latest attack serves as a reminder that a comprehensive cybersecurity strategy begins with cyber asset management.”
In terms of practical advice, Neilson recommends: “To properly secure sensitive data, organizations must take the first step of cyber asset management by discovering all cyber assets hosted within the IT environment.”
Not to do so simply ups the risk factors, says Neilson: “Without a comprehensive inventory of these cyber assets, organizations have no way of detecting potential vulnerabilities (let alone remediating them) until it is too late. Once all cyber assets are accounted for, IT leaders can establish clear, real-time visibility of their cyberattack surface and effectively implement security guardrails across the entire IT landscape to prevent any access to cybercriminals.”
