During a discussion of cyber security, the superintendent for the New York Department of Financial Services (DFS), Benjamin Lawsky, said, “It is impossible to take it seriously enough” (Lopez & Friefeld ). The importance of cyber security cannot be understated. Last week I posted specifically about the Home Depot breach, but there are so many more. Just yesterday, the Channel 7 news in Omaha had a story that Jimmy John’s experienced a breach. J.P. Morgan has also recently reported that they are investigating a potential breach. In fact, the DFS issued a report earlier in the year that the majority of financial institutions have experienced at least one attack in the last three years. Exact numbers were not provided in the article, but this still seems like a significant number of attacks. This doesn’t even include the number experienced by retailers.
In my post last week, I stated that it seems retailers are taking the required extra steps only AFTER an attack has occurred, instead of learning from others and taking steps now. Lawsky points out that lawmakers are in a position to enforce requirements, but I think any policies they put into place to address this specific topic would be to general or too outdated by the time the bills were approved. Technology tends to move faster than Congress (especially of late).
The article ends with Lawsky saying, “Once there is a major event, everyone suffers. We are going to pay for it either now or then” (Lopez & Friefeld ). This is my belief to an extent, but I would suggest that it actually costs more to wait for something to happen. Aside from the expense of review and upgrading the system to prevent a breach, the company would have to cover the cost of identity protection and any required reparations after a breach. In the long run it is cheaper to make changes now instead of waiting for shit hit the fan and have people scrambling to resolve what should happen fix initially. By focusing attention on the importance of cyber security now, Lawsky is positioning New York in a better position to protect the financial institutions.
Lopez, L. & Friefeld, K. (2014). N.Y. Financial Regulator Says to Focus on Cyber Security.