How can big banks be prepared to take on the rapidly changing cybercriminal landscape?
For one, making sure security strategies are in place that, in essence, share the mindset of those hackers. As reported in The Wall Street Journal's CIO Journal yesterday (Dec. 16), there's one tactic that can be implemented to combat such threats.
Making data maps of how data moves, both inside and out of the company. That was the consensus of a group at a cyber event yesterday in NYC. What that means, according to Ed McAndrew, assistant U.S. attorney, who is an expert in this area, is creating what he called "data-flow maps" to track where data is flowing within and outside of a company.
That mapping is "exactly what cybercriminals do," McAndrew said at the ALM cyberSecure conference.
“They make a marauder’s map of your systems,” he said, noting that when security investigators review incidents after they occur, this is the type of data they seek. But being proactive in this approach would be a better alternative, of course.
For Bank of America's merchant services side — which is in charge of its Visa and MasterCard transactions — this means tapping into these complicated data maps from third-party partners, according to JoAnn Carlton, general counsel for the group.
But that also means having the vendors take responsibility for the data. While the maps are a “very tortured and complicated exercise,” they are necessary for truly protecting high-security issues that impact customer data, or what she calls personally identifiable information (PII).
“Yesterday, I was called into a meeting where a vendor didn’t want liability in the contract,” she said. “My first question was what data of ours do they have access to. If it’s PII, we’re walking away.”