Replaying the Data Breach Blues

My tastes in entertainment are pretty broad. I really enjoy attending sporting events, and when Bruce Springsteen is in town I lay aside nearly everything else to attend his concert (as I did in Boston on March 26), but I’m also one who enjoys catching a Broadway or Off-Broadway show now and then. In fact, over the next six weeks I will attend two Red Sox games and two shows at the New World Stages theatre in Midtown.

For a simple night out, though, give me a small club featuring one of the area’s top Blues performers. It doesn’t matter to me if it’s a cover band playing the best of John Lee Hooker, Stevie Ray Vaughan, B.B. King or Robert Johnson, or local artists like Diane Blue, Racky Thomas, Rick “King” Russell or my personal favorite, Boston Baked Blues, with front man and internationally acclaimed harmonica player Vinny Serino. Give me the Blues and I’ll be happy.

But while I love the Blues, the “woe-is-me” kind of blues is not much appreciated by financial companies…although you’d never know it by how often they have sung those tunes following the data breaches of the past 18 months. It seems we’ve reached, or even gone beyond, the point where “Here we go again” just doesn’t cut it.

If Trouble Was Money

For what seems like the umpteenth time in the last year and a half, a major credit card processor has announced a breach of its customer database, meaning confidential information belonging to those customers has potentially been exposed to individuals who may (or may not) choose to use it to their financial gain.

This time around, MasterCard and Visa found themselves having to alert banks across the U.S. that one of their payment processors had discovered a breach of its files, and that as many as 10 million customers could have been affected by it. The breach, discovered in March, is believed to have occurred sometime between the beginning of the year and mid-February.

In admitting to the breach, the payments processor attempted to put a positive spin on the story, saying that it was “reassuring that our security processes detected an intrusion.” The problem is, by the time the intrusion was detected, the data had already been exposed. I’m not quite sure how that qualifies as “reassuring.”

Shake Your Moneymaker

The statement about the breach was also a bit on the cagey side when explaining the root cause of the breach it suffered, merely noting that it had called in law enforcement and “external experts in information technology forensics” to investigate.

External experts in information technology forensics? That sounds an awful lot like people who come in to find the holes – i.e., structural quality issues – in the applications that were breached. It also sounds like they will be looking into the very same structural quality issues that the breached company could have, and should have, addressed before deploying these applications, or, at the very least, during periodic assessments of the company’s IT systems to ensure that the integrity of the breached application was upheld.

It’s time for companies in the financial industry to realize that the “enemy within” – the structural quality of their data-hosting applications – is the true first line of defense, to apply some measure of analysis and measurement to detect issues, and then to fix them.

Until then, I’m afraid we will continue to see more financial companies singing B.B. King’s “It’s My Own Fault” than we will see singing Muddy Waters’ “I’m Ready.”

Jonathan Bloom, Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.