May 17, 2016 4:00:51 AM EDT | Blog How Secure Are You?

It started on a Monday with a single exclusive story published on the Reuters website: user information for over 200 million stolen email accounts, encompassing mail.ru, Google, Yahoo and Microsoft, had landed in the hands of hackers.

Fast forward to Friday, and the Internet was dominated by news stories on large institutions and how their data and information either fell into the wrong hands or was accessed by the wrong people. Among the more prevalent stories:

  1. A criminal investigation is underway at the FDIC into multiple internal data breaches. Specifically, the regulator reported to Congress on Monday that five ‘major’ data breaches occurred, involving former employees downloading information and taking it with them.
  2. Allen Memorial Hospital, located in Waterloo, IA, reported that an employee accessed confidential information for over 1,600 patients over the course of 7 years, including social security records, insurance information and additional information on treatments received.
  3. Fast-food chain Wendy’s, based in Dublin, OH, reported that 5% of their restaurants were affected by a data breach. The details, which emerged earlier this year, center on malware installed through compromised ‘third-party vendor credentials,’ which gave access to data from one particular point of sale.

They all started with an internal factor – access control.

The question is, how do you close the gaps?

The answer is to put the right access management program with the right strategic foundation and tactical elements in place.

This includes, but is not limited to:

  • Establishing a methodology to reduce open and excessive access
  • Identifying appropriate guidelines for access authorization
  • Developing automated and ongoing exception-based reports
  • Implementing data classification

Knowing who has access, who is utilizing that access and what they are accessing, and being able to audit that information, will make your environment much more secure.

Written By: Rosario Mastrogiacomo

Rosario Mastrogiacomo is the Vice President of Engineering for SPHERE, where he focuses on solving complex security and infrastructure problems involving the processing and analysis of large data sets to find creative, out-of-the-box solutions. Rosario has been working as a technology leader for over 25 years at financial organizations such as Neuberger Berman, Lehman Brothers, and Barclays. He has held various senior leadership positions including Global Head of Core Software Engineering, Head of Mac Platform Engineering, Global Head of Windows Engineering, and Windows Support Manager. Rosario has built and managed several teams within these positions, some with multi-million-dollar budgets. For the last eight years at SPHERE, Rosario has built the team and methodologies for the development of SPHEREboard. Rosario holds a B.S. in Business Administration from Baruch College (CUNY).