As CEOs from numerous industries respond to the Jan. 6, 2021, attack on Capitol Hill, payments and security leaders noted that security breaches are not limited to the digital world. In a Jan. 11, 2020, interview with The Green Sheet, Jodie Kelley, CEO of the Electronic Transactions Association, reflected on the current state of affairs at the U.S. Capitol, where the ETA is headquartered.
“At ETA we were shocked and deeply saddened by the attempt to overturn the election by force on January 6,” Kelley said. “This revolt against our democratic process, attack on the Capitol, and endangerment of elected officials is counter to everything we stand for as a nation.” Kelley urged payments industry stakeholders to take stock of the current situation. “It is important that we do not lose sight of the extreme rhetoric and divisiveness that has gotten us to this point, and we must examine how we have gotten to this place,” she said. “ETA looks forward to working closely with the Biden administration and the 117th Congress to address the critical issues of our day including the ongoing pandemic, economic uncertainty and record unemployment.”
[mkdf_separator class_name=”” type=”normal” position=”center” color=”” border_style=”” width=”” thickness=”” top_margin=”” bottom_margin=””]
Physical, digital security
Security services providers have also observed that commonplace terms in cybersecurity, such as “perimeter security” and “brute force attacks” have their origins in physical warfare.
Agility Recovery, a business continuity solutions provider, published a Jan. 8 statement, titled “United Path Forward: A Message from CEO Jon Bahl,” urging service providers to work together to remediate civil unrest.
“Violence or destruction is never the answer to addressing contrasts in points of view, and we will never condone acts of violence against people or entities,” Bahl wrote. “This week’s actions at the Capitol building were exacerbating the problem and are not part of the solution. We are encouraging our employees and customers to do what we can to help our country come together and find a more united path forward. We can be better as a nation and as a community to help make sure we prioritize humanity first.”
[mkdf_separator class_name=”” type=”normal” position=”center” color=”” border_style=”” width=”” thickness=”” top_margin=”” bottom_margin=””]
Plan ahead
Scott Teel, former communications director at Agility Recovery, advocated planning for disasters. In “Rehearse, review your emergency plan,” published Jan. 22, 2018, in The Green Sheet, Teel pointed out that most people think of disasters as things that happen to other communities and companies. Planning is critical, he noted, and companies “need more than a dusty three-ring binder” to prepare for the unexpected.
Security leaders from Control Scan Inc. and SecurityMetrics, also interviewed in that article, agreed planning for disasters and worst case scenarios is essential for large and small organizations.
Marc Punzirudu, vice president, security consulting services at ControlScan, observed that incident response (IR) is important in physical and virtual environments. “The IR plan works hand-in-hand with a business continuity plan to restore business-critical systems, and the first step is pulling together available documentation and holding a tabletop exercise, he stated in the January 2018 article. “You cannot test too often, or have too many test scenarios,” he said. “Each scenario should be authored in advance and mirror real and present threats to the organization.”
David Ellis, vice president, investigations at SecurityMetrics, mentioned that tabletop exercises can be useful for reinforcing individual roles in a data breach and testing an organization’s response to potential hacking scenarios. “By testing your plan, you can identify and address holes in the plan and help everyone involved see where they can improve and do this when there is no actual risk to your business’s assets,” Ellis said. “Just having an incident response plan won’t help you in a data breach. Your employees need to be aware of the plan and be properly trained on what they’re expected to do should you get breached.”
Numerous experts agree that forming a plan, testing it and helping all involved see where they can improve—while there is no risk to your assets—is advice both business and government entities can and should take to heart for physical and digital security going forward.
[mkdf_separator class_name=”” type=”normal” position=”center” color=”” border_style=”” width=”” thickness=”” top_margin=”” bottom_margin=””]
This article originally appeared January 11, 2021, in The Green Sheet: http://www.greensheet.com/breakingnews.php?article_id=2490.
Author
Dale S. Laszig, vice president, content marketing at Mobile Marketing & Technology and managing director, DSL Direct, is a payments industry journalist and content strategist who writes for multiple trade journals. Follow her on LinkedIn at https://www.linkedin.com/in/dalelaszig/ and @DSLdirect on Twitter.
