Is your data safe anywhere? Apparently not. "For Americans who want to protect their personal information, there is no way, in our current system, to do so," claimed a recent article in the Atlantic.
Back in 2017, a data breach at credit reporting agency Equifax left the personal information of 143 million consumers exposed. The exposed data included social security numbers, birth dates and addresses. It also included credit card numbers for more than 200,000 Americans. It doesn't get much worse than that. After Equifax settled with the FTC for $700 million, it would be reasonable to expect that other financial services firms would review their data security to prevent a similar catastrophe. Unfortunately, this was not the case.
There was recently news of another data breach at a prominent financial services firm. According to an article in the NY Times, "A software engineer in Seattle hacked into a server holding customer information for Capital One and obtained the personal data of over 100 million people." This breach was especially telling from a data vulnerability standpoint. The hacker, who was quickly apprehended, formerly worked for Amazon Web Services. Amazon Web Services hosted the Capital One database that was breached. In other words, Capital One's supply chain was compromised.
As we've previously stated, every company is part of a supply chain, and cyber risk flows up and down the supply chain. That means every company's greatest vulnerability is the weakest link in their supply chain, as Capital One recently learned. Unfortunately, this is not the first data breach for Capital One. "In a breach in 2017, Capital One notified customers that a former employee may have had access for nearly four months to their personal data, including account numbers, telephone numbers, transaction history and Social Security numbers. The company reported a similar breach involving an employee in 2014."
Data breaches are exceptionally expensive for financial services firms, in large part due to the precedent set by the Equifax settlement. In addition to whatever direct costs financial services organizations incur to recover and secure their IT systems, they are now expected to pay for credit monitoring for affected customers. Given that there are more than 100 million people considered to be part of this category, it sure seems like it would be cheaper to just keep these breaches from happening in the first place.
Financial services firms are quickly learning it is no longer good enough to only harden their internal infrastructure against data breaches. They must also harden the network to their supply chain. One of the best ways to accomplish this is to deploy a virtual private network (VPN) to every member of the supply chain.
To reduce the chances of a data breach, every member of a financial services firm's supply chain should lock-down all endpoints and be required to communicate with the firm via a VPN. However, there are several impracticalities to this plan that will make compliance challenging to attain. First, many VPNs require complex configurations making them difficult to set-up. Second, many security solutions would be cost prohibitive for a smaller supplier to fully roll-out throughout their business.
Attila's GoSilent is a portable, enterprise-grade firewall and VPN which locks down access to networks by securing all endpoints such as servers, mobile devices, printer/scanners, laptops and desktops. It can connect safely to the Internet, even over unsecured WiFi, and can be set up in minutes – even by non-technical users. It has an affordable price point to scale for company-wide use and is flexible enough to layer-in with legacy systems. Learn more about Attila’s products and next-generation edge security and help keep your company’s name out of the news.