Saturday, May 28, 2011

Bank of America Breach - An Inside Job

Bank of America managed to take the data breach spotlight away from Sony. According to news sources, a Bank of America employee leaked account holder information to fraudsters. Armed with that data, the fraudsters managed to defraud more than 300 BofA customers, inflicting over 10 million dollars in damage.

While we traditionally worry about the emergence of sophisticated attack vectors like Man-in-the-Middle attacks, it is worth remembering that the threat of an inside job is always there when it comes to data breaches. Enterprises can take steps to authenticate internal processes, users, and transactions to mitigate such attacks. Some of our customers also use SolidPass internally to validate and authenticate transactions in addition to users, by invoking strong two-factor authentication such as challenge-response and transaction data signing. This is a more comprehensive approach to security than just using one-time passwords. They have integrated it with CRM, ERP, and other internal systems.

