Access Risk Management Blog | Courion
The MasterCard and Visa data breach at Global Payments highlights the vulnerabilities of electronic financial data. In the last few years, financial services companies have improved security, and now hackers are targeting the credit card payment processors. The good news in the Global Payments’ event is they identified “unauthorized access into a portion of its processing system,” sought expert help, and contacted federal law enforcement. Unfortunately these steps were taken after millions of cardholders had their information compromised.
Credit card processors may not be subject to the same regulations as the credit card companies themselves, but any company dealing with highly valuable personal data will clearly become a downstream target as financial institutions tighten up their security systems. It reminds me of the old locksmith’s theory that I can never make your house so secure it can’t be breached, so my goal is to make it tough enough that the thief goes elsewhere. Organizations in every industry are now becoming more aware that their responsibility for their customer information doesn’t stop at their systems, networks or employee devices but extends to their partners, distribution channels and suppliers.
While this may seem like an overwhelming task, the key may well be focusing on those items of greatest risk rather than trying a “boil the ocean” strategy. The hard part is knowing what are the most important assets and activities that might put the information and the company at risk. Unfortunately given the changing nature of our businesses, this can be like trying to tune a car while driving down the highway. The volume of information, and the volume of activity accessing the information, begs for an automated identity and access management solution and an analytics engine (much like business intelligence tools) that can sift through the data and bring some order to the information.
If we are going to keep up with the cat and mouse game with the criminals, we need to get a bigger/faster/hungrier cat. A risk-based focus on protecting information may just be the cat that has the mice looking to go elsewhere.