I don’t know about you, but I’ve read a lot of content-filled, factually intense cybersecurity articles over the past few months. I’ve read so many that I begin hearing similar concepts without actually understanding how they impact my clients specifically. For this reason, today I don’t want to spout off a bunch of information (as accurate as it may be) and tell you to go make sense of it; I would instead like to tell you a story. So sit back, relax, and enjoy the movie (cue Disney Castle scene)…
The camera fades in and the first thing you see is a beautiful, traditional bank headquarters building. Yes, this is a tale of an innocent Bank full of smart people with good intentions. The story begins as you are introduced to noble people who want to take care of their coworkers and protect their customers’ confidential information. People like the Bank’s Information Security Officer, we’ll call him Walter White (played by none other than Bryan Cranston). We watch Walter take the appropriate steps to secure his IT environment: he hires experienced IT personnel he trusts, makes sure his bank is meeting compliance standards, and hires competent IT auditors (who he thinks are providing a penetration test).
Fade out for a second - does this story sound familiar to you? I can imagine you may be thinking “That sounds like my bank! I bet Walter would fit in well at my company. We work so hard to protect information and run a tight ship. We’ve even hired an IT firm to perform a penetration test!” – you’re convinced you’ve done what you can and your bank is secure. You’re excited as this act fades back in and is filled with intense, action-packed scenes where Walter works diligently in his bank to prepare, plan and try his best to address the baseline requirements his federal examiners keep telling him he needs to meet.
You’re halfway through your bowl of popcorn now, enjoying this fairy tale and waiting for the happily ever after that you’ve also envisioned for your bank.
Then the music takes a turn to a minor key and suddenly you’re very aware that something has gone wrong. You watch from the edge of your seat as Walter realizes something has happened and his bank is not as secure as he strongly believed it was. The scene comes to a screeching halt as his IT director enters the room to deliver the news you only hope doesn’t cause Walter (and yourself) to question everything he knew about information security.
And the screen fades to black.
End Episode One.
Like any good blockbuster, this is precisely where a good ole intermission (or what they now call a winter finale) comes in. You’re in shock, you have no idea what’s going to happen next, and you’re genuinely (and maybe overly) concerned about Walter’s bank and his customers’ information.
While you’re slowing your heart rate, I would like to take this opportunity to commend Walter (and you, faithful spectator). Walter has been as proactive as he knows how to be; he’s tried to protect his customers’ information and serve his bank well. Walter’s even been reading the cybersecurity newsletters that invade his inbox every day. In fact, that’s why he’s hired that security firm to perform a penetration test (or so he thinks).
But is that really enough anymore? Is meeting compliance standards, while valuable, sufficient to protect your IT environment that holds irreplaceable customer data? Tune in next week for Episode Two of Breaking Bank and you just might find out…