Breaches will not slow anytime soon, and there's not much financial institutions and the payments chain can do to stop them. At this point, the best course of action for banks and retailers is to focus on damage control.
"I'd like to make sure our recommendations fit with what the FFIEC is recommending, to continue to help us mitigate risk," says Michael J. Wyffels, SVP and CTO of QCR Holdings Inc. "But the hackers seem to continue to find new ways to exploit vulnerabilities."
When a database breach occurs, consumer notification continues to be a public problem. And it's time for the federal government to step in, says Linda Foley, co-founder of the non-profit Identity Theft Resource Center.
Victimized by a hack of its SecurID authentication token that resulted in the breaches of several customers' IT systems, security maker RSA is expected to announce its first chief security officer as early as Friday.
Art Coviello, RSA's executive chairman, confirms that information taken from RSA in March had been used as an element of an attempted broader attack discovered late last month on SecurID customer and defense contractor Lockheed Martin.
Despite improvement in organizations' abilities to plan for and predict disasters, they still lack an effective response. In fact, the biggest gap in business continuity today is understanding, says Lyndon Bird, director at the Business Continuity Institute.
The legislation sponsored by Senate Judiciary Chairman Patrick Leahy would nationalize data breach notification and stiffen penalties for those who fail to notify law enforcement and individuals of a data breach.
Our 2011 survey exposes barriers preventing government IT security practitioners from doing their jobs effectively, identifies services and technology they need to safeguard IT and determines the comfort level they have with cloud computing.
David Navetta, an attorney who specializes in IT security and privacy, says the magistrate's recommendation, if accepted by the judge, could set an interesting legal precedent about the security banks are expected to provide for commercial customers.