It doesn't take more than a few minutes watching the news to be reminded of the endless stream of attacks being placed on personal and financial security. From governments to rogue hacking teams and countless groups in between, companies and clients are in a battle to preserve financial stability and well-being. Given the prevalence of security breaches across all industries, regulatory agencies have taken notice, putting firms under an extremely watchful eye.
With the tangled web of assorted vendors used by companies to fulfill their many operational needs, firms have a constant, significant exposure to hackers, malicious spyware, Trojan horses and other network-paralyzing infections. Any of these can cripple business at a moment's notice and create a cascading effect that can significantly impact a customer base as well.
However, though it might feel like a losing battle, technology can help a firm gain and maintain the security and privacy needed for it to thrive. Given recent instances of systemic security failures, the need for effective security protocols and reliable partners won't be disappearing anytime soon.
SWIFT System Attack
While not an everyday name, the SWIFT network is a vital component to communication between international banks, providing member institutions a reliable, theoretically safe means of verifying transactions across the globe. In 2016, a hacker group named Lazarus reportedly used malware to manipulate SWIFT's network, tricking the system to send fraudulent fund transfer requests.
By targeting member accounts at the New York Federal Reserve, the hackers had access to banks and holding companies throughout the globe, most notably hitting the Bank of Bangladesh for over $80 million. Only a mistyped password prevented the group from stealing another $1 billion from the same bank just a few months afterwards.
As 2016 progressed, Lazarus continued to hit other banks, always through the same hub provided by the New York Fed. Although SWIFT made tweaks to their security protocols to prevent further attacks, the hackers continued to successfully navigate through the changes, ultimately hitting 12 separate Asian banks.
In the resulting investigations, it was determined similar attacks had occurred in 2015 but never flagged by the primary institution involved, Wells Fargo Bank, for suspected fraud. Other banks have since filed suit against Wells Fargo seeking damages as the fraudulent transactions severely threatened their overall solvency. To put a grim, final point on the matter, Symantec has since linked the Lazarus group to North Korean nationals and declared them responsible for the Sony Pictures hack as well.
Johnson & Bell, First Class Action Suit of Its Kind
As a precautionary tale to all firms dealing with the personal information of a client base, Johnson & Bell, a mid-sized law firm in Illinois, was sued in federal courts in 2016 for insufficient data security even though an actual breach never occurred. Though records are currently sealed, the class action suit stems from a group of clients claiming the firm failed their contractual obligations to provide secure storage and transmission of their personal information.
While the firm states a third party vendor used to manage their system security was actually at fault, the court is allowing the suit to proceed. As it stands, the plaintiffs are seeking compensation for the money that should have been spent on security measures in accordance to industry standards, legal fees, and the admission of guilt to past and current clients, along with annual security audits on an ongoing basis.
Although the case is still active, it speaks of the continued diligence a firm needs to protect clients' personal information. Particularly when a firm has been provided specific minimum security requirements by regulatory agencies, companies in the legal, financial, health and telecom sectors need to be ever-vigilant of their obligations and the necessity of reliable outside vendors. Since the lapse in security isn't covered by most cyber liability insurance policies, monetary penalties could threaten the solvency of a firm if damages are large enough.
Scottrade and Another Class Action Suit
Unlike the previous example, a series of class action suits filed against Scottrade starting in 2016 claims negligent security procedures led to the actual theft of the personal information of 4.5 million clients. The suit claims hackers were able to routinely circumvent Scottrade's security as far back as 2013. An unsealed indictment revealed the attacks were part of an orchestrated effort that was simultaneously targeting a number of firms, Scottrade obviously included.
The fact that Scottrade wasn't even aware of the system hack until the FBI informed them of it in 2015, over two full years after the initial breach, speaks equally on the staggering negligence from Scottrade, as well as the exceptionally refined abilities of the hacking group. Despite a nearly $3 million fine for their lax security, Scottrade only recently disclosed yet another security breach due to a third party vendor they used for systems management. In this recent case, the vendor mistakenly stored nearly 160GB of client information on a publicly accessible database, the ramifications of which are still coming to light.
Find Trusted Partners
Unfortunately, these are just recent examples. Going back just a few more years tells stories of entire businesses being lost, CEOs fired, brands permanently damaged, massive regulatory fines and millions of customers put in harm's way. The battle for security is not an easy one but certainly necessary. Finding partners that possess an expertise in such matters is absolutely crucial in providing a stable future for organizations and their customer base. At Xinn, we partner with Microsoft Azure secure cloud network and thrive on providing that security and stability for our partners as we continue to innovate lasting solutions for your security needs.