A Breach to Remember - What Banks Have in Common with Titanic
At the end of the film, it was revealed that the shipping line had put only enough lifeboats on the ship to meet the minimum required by English maritime law: 20 lifeboats with room for 1,178 people, on a ship carrying roughly 2,200. In fact, the Titanic exceeded the minimum of 16 boats then required for British ships over 10,000 tons. But because the White Star Line didn't want to clutter the decks with more lifeboats, 1,522 people perished that night.
As I sat there watching the credits roll, I thought "How many financial institutions out there only do the 'minimum required' to meet regulatory requirements?"
You're reading this and thinking you're not part of the "minimum required" group. If that's the case -- good for you. But when I speak with members of the information security community, I hear that there are apparently more Titanics afloat amid packs of icebergs in the financial services industry than we'd like to imagine.
This isn't just about information security; it's about the overall risk at a banking institution. Next time you're asking yourself "How can I get away with not doing [fill in the blank] and still meet my examination requirements?", think of the Titanic. When it comes to vendor management, business continuity, red flags -- whatever -- don't settle for what some call "check box compliance"; do more than what's required.
The original plans for the Titanic called for 64 lifeboats, but White Star management cut that number, judging the extra boats an unnecessary cost on a ship touted as "unsinkable." How much of that same hubris does your institution's management bring to its risk management plans? Do they think those plans should be trimmed to cover only what the regulations call for?
Even if you think your institution is unsinkable, insist on the right number of lifeboats.