Cybersecurity experts weigh in on Capital One breach
Friday, August 2, 2019
This week’s news of the breach at Capital One Financial Corp. rocked the world and has cybersecurity experts buzzing to analyze what went wrong and advise others how to prevent similar issues at their own organizations.
Ilia Kolochenko, founder and chief executive officer, ImmuniWeb
“This is just one more colorful, albeit lamentable, example that web applications are the Achilles’ Heel of the modern financial industry. Reportedly, the intrusion had happened in March but was noticed only upon notification in late July. Given Capital One’s [comparatively] immense capacity to invest in cybersecurity and the allegedly trivial nature of the vulnerability, such a protracted detection timeline is incomprehensibly huge. Legal ramifications of the breach may be both exorbitant and protracted, including regulatory fines and penalties, individual and class action lawsuits by the victims. Talking about the alleged suspect, one should remember the presumption of innocence. The person in question could have been tricked into accessing or downloading the data without any intent to sell it or use it with malice, serving as a smoke-screen to mislead law enforcement agencies. Until all the circumstances of the incident become crystal-clear, it would be premature to blame anyone. Victims should now carefully monitor their credit scores and be extremely cautious about any abnormal activities with their accounts. If the data was stolen and sold, we may expect a wave of sophisticated spear-phishing.”
TechRepublic: How to protect your corporate bank account after the Capital One breach: 10 tips
SC Media: Capital One hacker who stole personal info on 100M arrested