NEW ORLEANS (6/4/15)--Data security at most financial institutions tends to be a reactionary exercise based primarily on fear, Mark Berman, principal and founder of Horsetail Technologies, told attendees of the CUNA Payments Roundtable Tuesday.
“In general, humans--and credit unions--are reactionary by nature,” Berman said.
In a common scenario, the board has pushed the CEO for a security plan to please regulators or because a threat has received media attention. The quick reaction is for the CEO to write a check for a one-size-fits-all solution that doesn’t quite fit.
“The CEO just doesn’t have the time or knowledge to dive into the full details of the threat,” Berman said. “We want to write a check to make it all better. It seems like if you don’t write that check the world is going to end. Unfortunately what you get is a patchwork solution rather than a blanket solution.”
But in an age when cybercriminals hold on to data just seconds before passing it along to another fraudster, preparation is critical to prevention.
Berman cited a 2013 study by Symantec and the Ponemon Institute in which 64% of 2012 data breaches were the result of human mistakes and system problems.
Implementing a strong security posture and incident response plan, as well as appointing a chief information security officer, reduces the costs of data breaches by roughly 20%, he said.
Berman offered a five-step plan for building a cross-departmental fraud identification team:
“Each member of the team has a unique responsibility to apply prevention and preparedness best practices to his or her own department,” he said.
Once the team is in place, the credit union’s next step is to work with vendors and members to ensure they are aware of their roles in identifying security threats, Berman said.