Desjardins Breach Shows That Internal Security Controls Are Broken

Canada’s largest credit union, Desjardins, announced a major security breach caused by a former employee who had taken the data of 2.9 million members without authorization, showing that internal security controls need a revamp.

More on the story here: https://www.zdnet.com/article/desjardins-canadas-largest-credit-union-announces-security-breach/

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has commented:

“When just one employee, reportedly acting without acolytes, has uncontrollable access to such a huge amount of confidential data and even manages to take it away, there is reason to believe that some of the internal security controls are broken. Human factor remains the largest and probably the most dangerous risk that cannot be fully remediated. Most companies considerably underestimate human risk and then face disastrous consequences.

Employee awareness and continuous education programs, as well as properly implemented internal security controls, can greatly reduce risk of human mistake and ruin even the most sophisticated phishing attacks. However, a malicious employee is a much more complicated case. First of all, security teams are already overloaded with tasks, processes and endless alerts, and therefore frequently disregard incidents caused by presumably trusted colleagues. Worse, some of the employee’s malicious activity is technically undistinguishable from the legitimate daily work. Nonetheless, major incidents akin to this one are usually easily detectable and preventable.”

What do you think about the latest data breach? How can companies and IT experts prevent it from happening again? Or “can they?” may be a better way to phrase that question. Please let us know in the comments section.



About the Author

Jacob Wolinsky