What are the ultimate data breach solutions?

flintnational

Bloomberg is reporting this morning that the SEC EDGAR database was hacked.

“This hack illustrates that protecting against hackers isn’t as easy as the government sometimes expects of companies,” said Bradley Bondi, a former SEC enforcement attorney now in private practice. “Everyone is vulnerable at any time.”

Apparently, neither the private sector, the government, credit agencies nor anyone else is able to protect data. What are the ultimate solutions for this problem? This could include legislation (without politics), technology or other protections.

My thoughts - 1) I envision a system where the financial industry as a whole is responsible for fraud and fixing mistakes when they occur. This would be similar to credit card companies covering losses from fraud.

2) An opt out system for those that don't want to be in the "system". Not sure this would work for the individual, but it should be an option.

3) I am weak on technology. I will wait for the IT guys to advise us in this area.

What do you think would help?

FN
 
In short: resiliency, active purging and a response plan.

Only keep what you really need, and split up your data resources so that one breach doesn't disclose everything.

Protecting a data center is like protecting a normal building from criminals: you can make it harder, but if someone wants to get in really badly, they will find a way. So better be prepared for the eventuality.
 
Didn't have any issues before things were opened up to the net. Increases vulnerabilities and the potential for hacks.

Many companies are very weak about security on net applications. I've seen development staffs try to create internet-facing applications with no regard to the best practices of security.

I also believe the reliance on open source application frameworks to be foolish at best! I'm not saying they don't provide value to development but... you're putting your eggs in a global basket.

Lastly, one thing I watched security-conscious companies do is engage with out consulting security hackers. Our CIO would engage multiple folks to hack our systems. We, the technology staff, were not informed of these tests in advance. Our team caught them in the first 15 minutes; a large discussion ensued about doing this while clients were using systems. His opinion was very simple: hacks don't wait or care about your clients.

He gave us a compliment that we were the only technology stack that detected any intrusion. The other areas were now under the microscope. Several senior folks were out the door and a new sense of security consciousness was expected.

I believe breaches are optional. It takes a commitment to security from all levels of the organization. I'm a very strong believer of professional malpractice, in all disciplines. A data centric company who leaks your data is about the same as a surgeon showing up drunk.
 