News Insights: Data Breach at Bank of America

News Insights:

CEO and Founder of Concentric, Karthik Krishnan, said, “Simple human error is the likely culprit in the Bank of America/SBA breach. The combination of a new platform (for the SBA’s Paycheck Protection Program) and a crush of new traffic (305,000 PPP applications are being processed right now by the SBA) created the perfect conditions for a mistake. The spill involved documents uploaded to a PPP test platform. Details are sparse – but we know from experience that moving sensitive files to third party locations is risky. People make mistakes. Did the sender put the files in the right place? Did the administrator configure access privileges correctly? Accidentally oversharing a file is easy to do but hard to detect and remediate before it’s too late. Understanding risk in unstructured data – like these PPP applications – isn’t always straightforward. It’s a challenge to know what you have. Sensitive data is everywhere. It’s in the contracts, legal documents, source code, financial reports and, yes, the PPP applications you and your customers create and use every day. Additionally, even if you know what you have, you have to know how to handle it. These PPP applications were clearly sensitive. It’s a tough balance – too tight and you’ll make it impossible to collaborate. Too loose and you’ll be the one on tomorrow’s news. Understanding your data and the risk it represents is the best way to manage risk exposure in unstructured data. Given the volumes we’re talking about, any usable approach to addressing this also needs to operate autonomously to spot at-risk and overshared files and remediate problems quickly. It’s one of the best options we have to reduce risk when we’re sharing data with third parties – or any time we’re working to improve data security.”