On Thursday, May 12, 2016, the Congressional Subcommittee on Science, Space and Technology held a special hearing in Room 2318 of the Rayburn House Office Building. The hearing addressed whether Americans can trust that their private banking information is secure when they rely on the Federal Deposit Insurance Corporation (FDIC).
During the session, lawmakers stated that the FDIC has a long history of cyber-security incidents and that it is failing to safeguard the private banking information of millions of Americans who rely on the FDIC.
In the last seven months alone, seven departing employees at the FDIC have left with personal banking information on thumb drives and other removable media.
While Lawrence Gross Jr., the FDIC’s CIO, told lawmakers that the FDIC considered the data breaches “inadvertent” copying of personal banking information that happened when departing employees were copying personal information to removable media, some lawmakers called taking something that does not belong to the employees “theft”.
One of the sticking points during the hearing was that the FDIC didn’t immediately report the incidents as major breaches to Congress until prompted by its Inspector General’s Office. Gross stated that he didn’t originally classify the incidents as major breaches because they seemed to be accidental copying of files during “non-adversarial” departures of employees. Furthermore, Gross pointed out that employees involved had signed affidavits saying they didn’t share the data with others.
Are the American people buying this explanation? Since when has it been acceptable to have people accidentally or knowingly copying information that does not belong to them to removable devices?
The FDIC has now commented on having controls around the usage of information so that sensitive data cannot be copied onto removable devices. Gross went further by stating that the Agency is adding digital rights management software to its environment. This is a significant comment by the head of a significant Agency. The FDIC is now adding DRM on top of traditional perimeter solutions to control sensitive information while it is in use.
It is of utmost importance that organizations adopt technologies like Digital Rights Management as part of a data-centric security approach that protects sensitive information and maintains stability and public confidence. Fasoo provides a Data Security Framework to public and private entities alike to enhance their information security programs and keep up with the threat gaps. Please contact us or visit us during the Gartner Security and Risk Management Summit in National Harbor, Maryland between June 13-16 at Booth #200.