As Chase customers scramble to find out whether their personal information was compromised in a data breach that affected more than 80 million accounts, the company’s top tech executive is on the hot seat. And CIO Dana Deasy is no stranger to the position.
Deasy had been on the job for less than a year as Chase's chief information officer when cyberthieves broke in this summer. Before that, he was CIO at BP when a rig chartered by the petroleum giant caused one of the biggest environmental disasters in history. The Deepwater Horizon blew in 2010, killing 11 and spilling 5 million barrels of oil into the Gulf of Mexico.
Prior to BP, Deasy joined Tyco as CIO at the height of a 2002 scandal involving CEO Dennis Kozlowski, who was ultimately jailed for corporate theft.
That's not suggest that Deasy was in any way culpable for any of these events. Indeed, his experiences should have armed him with crisis management and corporate survival skills he may need again. Target CIO Beth Jacob resigned, along with CEO Gregg Steinhafel, after the retailer suffered its own massive breach earlier this year.
A representative for Chase said Deasy was unavailable to comment for this story.
Deasy is well aware of the importance of cybersecurity. At BP, he warned that employees bringing their personal computers to work presented a huge risk to the energy industry’s security. He said during one speech that the threat had “quietly been getting worse and worse,” with organized crime and state-sponsored foreign entities constantly working to infiltrate major institutions.
“You almost have to set your organization to think about dealing with the art of warfare, because you are dealing with a different sort of adversary,” he said in a speech at Gartner’s Symposium in Barcelona last year, as quoted by CSO Online. “[State-sponsored attacks] are the ones that we are most concerned about, because the nature of them is that they aren’t necessarily causing you harm today, or even tomorrow, but some day in the future. Or they don’t even want you to know that they are there.”
Some reports have indicated that hackers affiliated with the Russian government are behind the attack on Chase. The biggest bank in the U.S. revealed Thursday in a Securities and Exchange Commission filing that more than 80 million current and former customers’ information is believed to have been stolen through a wide-ranging hack that compromised their names, addresses and phone numbers, though not their banking information.
The infiltration, traced to Eastern Europe, began in June and lasted until mid-August, the bank said.
Tech pundits say corporate leaders need to be better prepared for cyberattacks. “Many times CEOs and their C-level reports are frustrated because of the lack of appropriate training for them to determine, at the executive level, what the real risk to their company is,” wrote Forbes contributor Eric Basu. “They don’t want to get into the details of what the Heartbleed bug does, for example, but they do want to be able to quantify in their mind what their risk is."