Tuesday, January 13, 2009

Financial firms - poor security or valuable data?

Since the recent PricewaterhouseCoopers report came out, there has been a lot of discussion on why financial firms are coming up short on data security.

While I think there is some truth to the story - for example, it is staggering to think that organizations do not have incident response processes or defined methods to address a data breach - I am not convinced that financial firms are behind anyone in terms of approaching data security.

For one, they have the most valuable data in the world and are often the target compared to any other vertical, save the government. In spite of being such a huge target, they don't seem to have a massive share of the breaches - according to the new report from the ITRC in San Diego. In fact this is the statement from that report, "The financial, banking and credit industries have remained the most proactive groups in terms of data protection over all three years."

And from my experience as a vendor working with many financial firms, almost all of them have good processes, encryption and data security products deployed and some of the most security-savvy employees. I would love to know more about the types of financial institutions that did not perform well. Are they the small regional banks or are they larger ones that might have huge amounts of data?

Hmmm.. So I am a bit skeptical about parts of the report... I think, while there might be some truth to it, being custodians of such valuable data, banks are overall quite responsible in terms of data security.
