Capital One Financial Corp, a US-based bank, suffered a data breach in 2019 and has now been fined $80 million for not having the right cybersecurity controls in place to prevent the breach, such as network security, data loss prevention, and alert systems to identify threats. The Office of the Comptroller of the Currency (OCC), a regulatory body for national banks, has levied a civil monetary penalty on Capital One for the bank’s failure to establish proper risk management procedures while migrating its operations to a public cloud-based service.
Furthermore, the OCC has stated that Capital One failed to patch security vulnerabilities, which resulted in the exposure of credit card details, the bank account numbers of 80,000 customers, and one million Canadian Social Insurance numbers. The hacker breached the Capital One system through a misconfigured firewall, allowing him to get away with 700 folders of sensitive information.
The hacker was convicted and has been sentenced to 25 years in prison as well as fined $250,000. Capital One’s data breach isn’t the first of its kind; the financial sector has always been one of the prime targets for cyberattacks. The massive data breach at Equifax should have been a warning sign for other enterprises to strengthen their defenses.
Enterprises must understand the importance of solid cybersecurity procedures and educate their employees, suppliers, and stakeholders on proper security protocols. It is important to always be vigilant, especially when your employees are working remotely. Here are a few points to remember when you define your cybersecurity checklist:
With ManageEngine solutions, you can tick patching, data loss prevention, application whitelisting/blacklisting, and firewall configurations off your security checklist.