For an article in Database Trends & Applications, managing editor Joyce Wells interviewed several security industry experts to comment on a week that saw several high-profile security breaches make headlines. Protegrity CEO Suni Munshani was one of them.
Officials at the New York Stock Exchange have confirmed that the outage on Wednesday, July 8, which halted stock trading, was caused by a software glitch related to new software configuration compatibility issues.
But no matter what the reasons, a series of unfortunate events added up to a lot of bad news for data security and availability during just one week.
In addition to the NYSE outage, IT issues resulted in the grounding of United Airlines planes for 2 hours on the same day, now thought to be due to a network problem. And, new revelations surfaced about the scope of the unauthorized access to data stored by the U.S. Office of Personnel Management (OPM), the government’s human resource department – now believed to be data related to more than 21 million people, including Social Security numbers. That situation led to the resignation of OPM director Katherine Archuleta. Adding to the pile-up, at the end of the week, on Friday, July 10, TD Ameritrade revealed that it had experienced problems related to an order router supporting one of its trading platforms, but that the issues had been resolved by 10 am.
At the NYSE, the suspension of trading lasted nearly 4 hours and drew initial speculation that it and the problems at United Airlines might be part of a cyberattack.
. . .
“We’re seeing that even some of the most powerful government agencies are at the mercy of hackers and breaches,” said Suni Munshani, CEO of data security provider Protegrity, referring to the OPM breach. “Ultimately, these agencies are accountable for this disaster and need to take steps to better protect the information of employees and citizens.”
All data custodians should learn from the OPM occurrence, as well as the many other highly publicized breaches, that a traditional security model based on simple authentication and network controls alone is no longer sufficient to protect sensitive data, said Munshani. “The data itself must be protected with strong authorization controls, policy governance and real-time alerting for atypical data access. Furthermore, the compromise of a single individual’s authentication should not risk the exposure of sensitive data that is extremely valuable and harmful in the wrong hands.”
The full article can be found here.