Home » cyber security » The FDIC’s New Initiative to Enhance Security
Server room interior

The FDIC’s New Initiative to Enhance Security

Cyber security headlines often use the term “major incident” in reference to data breaches involving a large number of records. But what actually classifies an incident as “major”? What is the magic number that makes a security breach more than just the garden variety?

As part of an initiative to enhance its security posture, the Federal Deposit Insurance Corporation (FDIC) in February defined a “major incident” specifically as one that involves 10,000 records or more. The agency then retroactively reported five major incidents dating back to October 2015.

These incidents, which the agency considers low-risk, occurred when “employees with legitimate access to the information were leaving the agency when they inadvertently downloaded the data along with personal files,” according to the Washington Post. “Those involved in the breaches signed affidavits attesting they did not share the data.”

In April, the FDIC reported a similar incident in which an employee inadvertently downloaded the data of approximately 44,000 customers to a personal storage device. The resulting investigation determined that there was no malicious intent behind these actions.

While these data breaches have been classified as accidents, the FDIC has taken significant preventive actions, including developing software to recall and destroy misplaced data. The agency also is introducing safeguards prohibiting the transfer of data to portable devices and conducting a comprehensive assessment of its privacy and security programs.

The FDIC’s incidents and corrective actions serve as an important example for organizations in the private and public sectors. Whether intentional or accidental, insiders’ access of sensitive data can often serve as the entry point for hackers. A recent example is the breach of the Office of Personnel Management, in which Chinese hackers obtained login credentials from a contract worker on the network.

It’s important to have a plan of action for preventing and responding to insider incidents, even if they are unintentional. As the FDIC has done, organizations can undertake a security audit to better understand the holes they need to close. This can inform necessary improvements to event monitoring, authorization management and incident response initiatives, and drastically reduce the potential for insider incidents.

Lunarline has a full scope of services that can improve your insider threat management, and it has the skilled experts you need on your side. Visit Lunarline.com or contact us today to get started.

About Spence Witten

Spence has somehow survived ten years at start-ups and small businesses without suffering a (major) nervous breakdown. As Lunarline's Director of Federal Sales, Spence actually loves working on proposals. If there were any doubt, this is proof that he is in fact certifiably insane. While his title says "Sales" Lunarline doesn't let him off that easy. We make him do real work, too. Luckily he's a recognized subject matter expert in security policy and loves helping clients navigate their way around tricky security compliance standards. He's also been known to lead a software development initiative or two, though that pretty much always ends poorly for everyone involved. He can be reached at spence.witten@lunarline.com.