"Any other bank could have just as easily been victimized," says banking fraud expert Shirley Inscoe, following the arrest of a former Citigroup executive charged with embezzling more than $19 million.
Eddie Schwartz, the new - and first - chief security officer of RSA, says the IT security provider hit by a sophisticated advanced-persistent-threat attack in March is focusing internal security on efforts to reduce the time an intruder can go undetected.
The database has become the main target for hackers and negligent insiders, as the insider breach at Bank of America showed. A recent survey highlights the need for financial institutions to enhance security measures to mitigate threats and losses.
"It's not enough to know the architecture of the breach system," says Michael Aisenberg of MITRE Corp. "Leaders have to understand the different jurisdiction of where they do business, where their customers are and which breach law applies."
The arrest followed an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.
Recent hacks have uncovered security vulnerabilities that should have been addressed years ago. "These attacks are going to escalate," says Josh Corman of The 451 Group. But organizations can implement basic steps to make the hackers' job harder.
Who's behind the International Monetary Fund breach? Some observers suggest the attack could have been waged by a government to access confidential information about the financial stability of certain global markets.
NRC CISO Patrick Howard is among three information security leaders who share their experiences, approaches and challenges from battling data breach incidents that had an impact on their organizations and their careers.
Details surrounding the reported breach of the International Monetary Fund remain sketchy, but alarming. And Gartner analyst Avivah Litan believes there may be "dozens" of similar incidents that have not been disclosed.