Attackers Target Citigroup

Recently, cyber-attackers were allegedly successful in gaining unauthorized access to thousands of bank customer accounts at Citi Account Online. Citigroup has reportedly acknowledged the news first reported by The Financial Times. The accessed information includes names, account numbers, and contact information such as e-mail addresses of around 1% of the bank customers. IT security professionals of the organization identified the security breach incident during a routine monitoring, early last month. The bank has started notifying customers affected by the data breach incident. Citigroup is the latest to join a range of other major companies, which have suffered data breach incidents. According to the bank, the security breach incident did not result in compromise of other sensitive information such as birth dates, social security numbers, credit card numbers, card expiration date, and CVV numbers. The company has notified counter crime agencies regarding the incident. Affected individuals must be cautious of possible phishing attacks and spam e-mails, which may appear to come from Citigroup or other legitimate organizations. Organizations must notify affected individuals within reasonable time frame, to allow them to take precautionary measures.

There have been a series of security and data breach incidents in the recent months, leading to compromise of personally identifiable information of millions of individuals across the world. Frequent data breach incidents highlight lax security practices and procedures followed in organizations. Cyber-attackers have access to wide range of attacking tools and techniques to exploit vulnerabilities in computer systems and networks. Further, they may use the collected information to launch sophisticated target-based attacks. As such, organizations must place high emphasis on IT security. Professionals qualified in IT masters degree and security certifications may help in identifying lapses in security policies, prioritize security updates, identify obsolete equipment, and improve security practices.

Employee negligence may also result in data breach incidents. Negligent information security practices may result in advertent disclosure of privileged information to internal and external sources. As such, security awareness training is crucial to educate employees on social engineering threats, unauthorized access, security breach incidents and their implications. Online computer degree programs, case studies, and workshops may help employees in understanding and implementing best practices in information security. Inclusion of e-learning programs in performance evaluation may also motivate employees to improve cyber security awareness. Organizations must also place importance to the training needs of IT security professionals, and encourage them to self-pace their learning through online technology degree programs. Proactive coordination with other stakeholders is crucial to deal with ever evolving IT security threats.