20 Aug 2020
Failing to address your organization’s shortcomings in cybersecurity will always have ramifications, but they won’t always come from where you expect. Exhibit A: Earlier this month, bank holding corporation Capital One was hit with a cease and desist order from the Office of the Comptroller of the Currency (OCC), citing a “failure to establish effective risk assessment and management processes before migrating its information technology operations to a cloud operating environment.” On top of the order, Capital One will need to pay an $80 million fine to the U.S. Treasury and fulfill a series of cybersecurity compliance actions, which involve putting together an independent compliance committee, improving risk assessments for all aspects of its cloud operating environment, and taking steps to reinvent its internal auditing program for more effective risk evaluation. Long-time followers of our blog will know this isn’t the first time Capital One’s cybersecurity mishaps have made headlines. But now, as banks nationwide prepare to move to cloud computing, a misstep as consequential as this one is crucial reading for other organizations reimagining the way they handle their data.