Forty per cent of financial firms have suffered data breaches in 2017
And half the world's financial firms have been subjected to a cyber attack in the past year, claims Thales
More than half of global financial services firms have been hit by a cyber attack in the past year.
That's according to the 2017 Thales Data Threat Report, Financial Edition. It suggests that financial organisations face unprecedented data security challenges as they invest in new digital transformation technologies.
Issued in conjunction with analyst firm 451 Research, the report shows that businesses in the financial sector are struggling with evolving regulations, new technical demands and rising cyber crime - all leading to an increase in data breaches.
As well as finding that 40 per cent of financial firms have been hit by data breaches in 2017, it also revealed that 21 per cent have been targeted on several occasions. And 90 per cent feel more vulnerable to attacks, mainly due to a lack of appropriate protection.
That said, there's a changing tide in cyber security investment within the financial world. A majority of firms (78 per cent) are upping investment in suitable cyber security solutions to protect critical data.
Financial firms are also upgrading from legacy platforms to more up-to-date systems reflecting changes in consumer and marketplace preferences. However, many of these changes are resulting in new data security problems.
Almost all respondents (92 per cent) said they plan to deploy advanced technologies - such as Internet of Things devices, cloud, and big data, while shifting to containerisation - this year. But three quarters of them will do so in advance of having the right data security mechanisms in place.
Of this, 53 per cent will invest in network security and 64 per cent in endpoint security. Meanwhile, only 43 per cent will spend on data-in-motion defences and 40 per cent on data-at-rest defences. That's despite these being credible defences against data breaches.
In terms of threats, many respondents felt that privileged users pose the biggest insider threats, while executive staff (48 per cent) and contractors (38 per cent) follow.
Cyber criminals are at the top of the list of external threat actors, along with nation-states (18 per cent), hacktivists (16 per cent) and business competitors (13 per cent).
The upcoming GDPR law is another important factor here. Around three-quarters of firms (72 per cent) are affected by data privacy regulations, and 66 per cent listed encryption as a top control to conform to these requirements.
Garrett Bekker, principal analyst for information security at 451 Research, said: "While the financial sector has made substantial technological advances, it's still tied to security solutions that worked in the past but aren't necessarily the most effective at stopping modern attacks.
"There are a number of data security technologies - such as encryption and key management solutions - that could arguably do a better job of protecting data, particularly data being used in cloud, big data and IoT environments."
Peter Galvin, vice president of strategy at Thales e-Security, added: "Data breaches continue to hit the headlines and, as recently illustrated by the Equifax breach, the financial services industry is a prime target for hackers.
"As digitisation continues to transform the industry's online infrastructures it is critical organizations implement data security solutions that follow the data - wherever it is created, shared or stored."
Nik Whitfield, previously of BAE Systems Detica and now CEO of data analytics firm Panaseer, said banks are facing many of the threats here.
"Many attacks on banks succeed because of the challenge that banks face in maintaining perfect cyber hygiene - they have tens of thousands of computers and they have tens of thousands of employees using those machines," he said.
"And much like in the field of counter terrorism, the adversary only needs to succeed once, whereas defenders have to get it right every single time, making this an asymmetric relationship.
"This is further complicated by the myriad of IT systems and security technologies that have been deployed over the years to protect the bank. Often they do not talk to each other and those responsible for security understandably find it hard to see a joined up picture of what's going on."