Dear editor,
The latest hack to create a storm with the media and analysts alike is that of a large bank in the United Arab Emirates, reported to be Invest Bank. With large amounts of data, including tens of thousands of customer files, now in the public domain, it’s easy to see how the hack of this bank is a wake up call for all organisations, including financial institutions, to put serious security measures in place to contain breaches once they occur.
With data including full names, credit card numbers and birthdays involved in the breach, it’s clearly a sensitive issue; if anything has been learnt from the recent TalkTalk breach, it’s that it’s no easy task to tell customers that their private information, which they thought could be trusted, is now not so secret anymore.
So, what can banks and financial institutions across the globe learn from this? Something that isn’t easy to come to terms with, but that is an unfortunate fact, is that it’s inevitable that breaches are going to happen. So, the issue is not one of breach prevention or detection, but one of breach containment: how can organisations limit the scope of a breach and keep it to a manageable segment, instead of a system-wide disaster?
A change in mind-set is needed here. In order to achieve a breach containment model, organisations need to think differently about the security architecture design. With a focus on users and applications, rather than the network itself, organisations can use cryptographic segmentation to ensure only privileged users have access to privileged applications or information. With this strategy, the organisation knows immediately the extent of the breach and the data/users/applications affected.
Could a different approach to security have limited the scope of this hack? Who knows. However, one thing is for certain: organisations must adopt a software-defined security strategy in order to stay ahead of the game. If they don’t, they face the probability of becoming another organisation to hit the hacking headlines, and for organisations holding vast amounts of sensitive customer data, this is no longer an option.
[su_box title=”About Paul German” style=”noise” box_color=”#336588″]
Paul is responsible for growing the Certes business in the European, Middle Eastern and African regions. Paul brings more than 18 years of experience to Certes and was most recently VP/GM EMEA for Sipera Systems , a worldwide leader in IT security solutions sold to Avaya in 2011. In addition, Paul has broad experience having held key roles with Cisco, Siemens Network Systems and Lehman Brothers. His main success has been in helping companies achieve forecasted goals by structuring sales, operational processes, and coaching sales teams to deliver multi-year, multimillion-dollar contracts. Paul holds a Bachelor of Science honours degree from Brunel University, London.[/su_box]
Paul German, CEO at Certes Networks
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.