Cyber security headlines often use the term “major incident” in reference to data breaches involving a large number of records. But what actually classifies an incident as “major”? What is the magic number that makes a security breach more than just the garden variety?
As part of an initiative to enhance its security posture, the Federal Deposit Insurance Corporation (FDIC) in February defined a “major incident” specifically as one that involves 10,000 records or more. The agency then retroactively reported five major incidents dating back to October 2015.
These incidents, which the agency considers low-risk, occurred when “employees with legitimate access to the information were leaving the agency when they inadvertently downloaded the data along with personal files,” according to the Washington Post. “Those involved in the breaches signed affidavits attesting they did not share the data.”
In April, the FDIC reported a similar incident in which an employee inadvertently downloaded the data of approximately 44,000 customers to a personal storage device. The resulting investigation determined that there was no malicious intent behind these actions.
While these data breaches have been classified as accidents, the FDIC has taken significant preventive actions, including developing software to recall and destroy misplaced data. The agency is also introducing safeguards prohibiting the transfer of data to portable devices, and is conducting a comprehensive assessment of its privacy and security programs.
The FDIC’s incidents and corrective actions serve as an important example for organizations in the private and public sectors. Whether intentional or accidental, insiders’ access to sensitive data can often serve as an entry point for hackers. A recent example is the breach of the Office of Personnel Management, in which Chinese hackers obtained login credentials from a contract worker on the network.
It’s important to have a plan of action for preventing and responding to insider incidents, even if they are unintentional. As the FDIC has done, organizations can undertake a security audit to better understand the holes they need to close. This can inform necessary improvements to event monitoring, authorization management and incident response initiatives, and drastically reduce the potential for insider incidents.