23 Jun Trends and future directions in data security
FINANCIAL SERVICES ARE A PRIMARY TARGET
Financial services enterprises have always known that they are a primary target both for traditional employee theft and for criminal hackers trying to steal assets. Insider thefts and inside jobs have been around as long as banks and brokerages have existed. Today, employees with legitimate access, service providers or contractors that maintain infrastructure, and privileged users (both internal and at cloud and SaaS providers) are all possible actors, and all become potential attack vectors when their credentials are compromised.
Criminal hackers continue to be a top worry for financial services organizations, and nearly every financial sector breach has included a compromise of a privileged user account or a privileged account at a partner. Nation-state hackers attempting to commit acts of cyber terrorism, destabilize financial infrastructure, embarrass opponents or gain competitive advantage are another major concern.
THE MOST VULNERABLE SECTOR—US FINANCIAL SERVICES
We asked a crucial question of all survey respondents: “How vulnerable is your organization to insider threats?” Although U.S. financial services did not have the highest rate of feeling very or extremely vulnerable (they responded at 44%, well below the level for U.S. retailers at 51%), they had the highest overall rate of feeling somewhat or more vulnerable (97%). This was a common theme for U.S. organizations, which felt consistently more vulnerable than their international counterparts (84%). Our belief is that this sense of vulnerability is driven by multiple factors:
- Their knowledge of their own shortcomings, having failed compliance audits or encountered data breaches themselves in the last year (41%).
- The significant level at which they’ve seen breaches at partners and competitors (34%) as well as in the media.
- And the awareness that they are always a prime target, given the treasure trove that their financial assets and corporate data represent.
FAILING TO SECURE THEIR DATA
U.S. financial services organizations are encountering real difficulty in securing their assets. Since 2009, there has been a cadence of large and small breaches at these institutions making news headlines—starting with Heartland payments, moving on to Global Payments and concluding this year with JPMorgan Chase. These attacks most often include a strong element of compromised insider credentials.
It is troubling to find that 41% of financial services respondents reported that they encountered a data breach or failed a compliance audit in the last year. With their responsibility to protect financial assets, this sector has always tended to invest more heavily in IT security controls than others. A second statistic adds to this picture: 27% of respondents are protecting sensitive data in response to a past data breach (the highest rate of the major sectors that were polled).
The implied high rate of failure to meet compliance audits is especially telling. Compliance requirements do not evolve as fast as threats in this sector, and as a result have become only a good “baseline” to build from for a full data security strategy. Failure at this baseline level is not a good sign for the security of their customers’ information.