A leading global bank will suffer a hack of the size and severity experienced by Equifax at some point, the founder of the most highly valued venture-backed cyber security startup has warned.
“If you take the top 100 banks they all have a similar scale of data as Equifax,” Orion Hindawi, the founder and chief executive of Tanium, told City A.M.
“Most of them are doing a better and better job, every week. I really am seeing a huge amount of energy being put into this, but one of them isn’t going to do a great job. And if it [data] is not segmented in a way that separates it, if it’s not encrypted correctly, you end up in a situation with the potential for a massive, massive data loss.”
The personal data of 143m Americans – more than 40 per cent of the US population – was breached by hackers, the credit reporting giant revealed last week. It’s one of the most serious breaches ever seen and was yesterday called “one of the most egregious examples of corporate malfeasance since Enron” by US Senate Democratic leader Chuck Schumer.
Hindawi, whose firm counts 12 of the top 15 US banks among its customers, as well as Lloyds and Barclays in the UK, warned that the sheer scale of banks’ systems means the threat of an attack can never be fully mitigated, but its severity and frequency can be reduced.
“I was speaking to a bank chief executive recently and his quote, that really stuck in my mind, was that there are three things that are existentially threatening to a business – meteors, weapons and cyber security. Those are the three things that can end his business today. And he obviously can’t control meteors and nuclear weapons,” he said.
“But he’s doubling down and doubling down, but the reality is that it’s an unending problem. There is no perfect solution, so they’re spending hundreds of millions of dollars and they’re still at the place where they’re not sure how much more they need to put in.”
“It’s the frequency and the severity – it’s not binary, going from breaches to no breaches. The reality of the situation is even if you’re 99.9 per cent compliant, there’s always going to be a vector of attack and we just need to make sure that we contain it as much as we can and reduce the frequency.”
The US startup is valued at $3.75bn and is backed by Silicon Valley venture capital firm Andreessen Horowitz and private equity firm TPG. Customers also include Amazon, Nasdaq and the US Department of Defense.