Following the disclosure of Prudential Financial’s data breach, there are associated concerns for the sector. Nick Tausek, Lead Security Automation Architect at Swimlane explains to Digital Journal the extent of lessons to be learnt.
The ransomware group known as BlackCat and Alphv said they were responsible for the recently disclosed cyberattacks impacting financial giants LoanDepot and Prudential Financial, Security Week reports.
The two companies were named on the BlackCat leak website on Friday, February 16, 2023. Based on the messages published by the hackers, both companies have refused to pay a ransom.
Tausek explains the background to the incident: “Prudential Financial, the leading global financial services Fortune 500 company, disclosed a cyberattack last week that resulted in the breach of employee and contractor data. The company provides insurance, retirement planning, and wealth and investment management services to over 50 million customers, and employs 40,000 individuals worldwide.”
Tausek acknowledges that information is somewhat limited in terms the detail: “Prudential has yet to disclose the scope of the breach or the number of customers and contractors affected. As with other early notifications, we can expect these numbers to be provided and potentially revised in the coming weeks, as the scope becomes apparent through investigation.”
In terms of the wider lessons for the industry, Tausek advises: “Financial organizations responsible for safeguarding millions of customers’ sensitive data must prioritize cybersecurity. While their security teams need various tools to protect complex technology environments, disjointed tools that lack cross-communication and cloud integration are straining team bandwidth and creating security gaps.”
The consequences of this are: “Cybercriminals are taking advantage of these gaps, leading to frequent and costly breaches. According to a recent report from Swimlane and Omdia, 42 percent of financial organizations have had at least one breach with a total cost of $1 million in the last 12 months, with 20 percent experiencing a breach with a total cost of more than $5 million.”
In terms of further advice of the financial sector, Tausek offers: “To prevent similar data breaches in the future, organizations should implement a multi-faceted platform to centralize detection, response, and investigation. Not only will automating this process provide complete visibility into the IT environment, allowing teams to assess the effectiveness of their SOC, but it will also eliminate the need for heaving coding, increasing efficiency.”