The banking and finance sector has been hit particularly hard by cyber attackers this year—the month so far has seen disclosures from Scottrade, E-Trade, and Dow Jones regarding customer data breaches. It’s become readily apparent that industries dealing in the world’s most sensitive and critical data are poorly poised to defend against the rising threat of cyber crime.
Other industries such as healthcare and insurance have already been reeling from continued cyber attacks. And by now, most of the world’s largest banks have suffered brand-damaging intrusions, leaving customers with little recourse post-breach. Consequently, growing numbers of enraged consumers are taking up arms in the form of class action lawsuits, forcing banking and financial services firms to reassess failing IT security models. Scottrade’s data breach earlier this month has already resulted in a class action filed on behalf of the 4.6 million users impacted by the data theft.
Specifically, the lawsuit asserts that the firm’s negligence in failing to utilize reasonable security measures, coupled with non-compliance with industry security standards for storing sensitive data, led to the massive data breach. In addition,
“Scottrade’s actions and/or omissions occurred despite prior warnings, including prior incursions of their network by third parties, who conducted fraudulent stock trades using Scottrade’s customer’s accounts, and even fines from government agencies concerning its system’s security procedures and oversight.”
Dow Jones & Co. also disclosed a data breach earlier this month, announcing that payment card records of current and former subscribers were potentially compromised. Though the number of impacted customers (~3,500 individuals) pales in comparison to the Scottrade hack, the real scope of loss is as yet unknown and will probably never be fully ascertained. Similarly, E-Trade notified 31,000 customers in early October that their data was compromised in a previously undetected data breach.
The outlook is generally bleak: intrusion methods are becoming more sophisticated while banking and finance security measures continue to stagnate. Given that commercially motivated attacks are continually on the rise, dated IT security models and non-compliance with industry regulations will continue to result in such brand- and customer-damaging events. UpGuard’s platform for continuous security monitoring ensures that banking and financial services firms—from local credit unions to the world’s largest global banks—are always compliant and secure from critical vulnerabilities and security gaps.