The recent data breach at a collection industry has given credit and collection industry executives of all shapes and sizes a case of insomnia, and a common strategy is to just throw more money at information technology and data security. But how do you know if that money is actually doing anything?
If you don’t, you’re not alone. More than half of the information technology executives who participated in a survey “admit they are in the dark about how well the technologies they have are meeting expectations and protecting the network,” according to a report that was issued yesterday. That led only 39% of those who were surveyed to conclude “they are getting the full value from their security investments.”
American Medical Collection Agency has filed for bankruptcy protection after an unauthorized user gained access to the company’s web payments portal for more than eight months, compromising the personal and financial information of more than 25 million individuals.
Being able to identify and respond to a breach was not just a problem at AMCA. A primary obstacle to responding to a breach is a lack of timely response and engagement with other departments and functions, according to the report, which came second to only a shortage of skilled incident response personnel as the obstacles to effective responding to a breach.
The persistence and sophistication of hackers is the primary reason why data breaches happen, according to the survey, but human error and employees falling for phishing scams were the fourth- and fifth-most popular reasons.