Of all the sensitive personal data consumers and businesses would rather not see compromised, financial data is surely toward the top of the list. But, a new report by cybersecurity company Thales e-Security suggests data breaches at financial institutions (FIs) are on the rise, and that information technology (IT) professionals who work for these firms are growing increasingly concerned about the issue.
Thales partnered with 451 Research for the “2017 Data Threat Report, Financial Services Edition,” a report which surveyed U.S.-based financial services (FinServ) firms to assess their cybersecurity practices and experiences. The results weren’t great.
Nearly 90 percent of IT professionals within these organizations said they believe their firms are at risk of data breaches, while 42 percent of FinServ organizations reported they have already suffered some sort of data breach. Nearly one-quarter of those 42 percent said the data breach occurred in the last year, up from 19 percent in 2016. Twelve percent said their firms had already been the victim of more than one data breach.
Banks, FIs and other players are all racing to adopt tools like the cloud and Big Data as both traditional and alternative FinServ players work to keep pace with customer demand for more sophisticated, digital services and products, Thales noted. But, it seems this shift can often occur before these businesses actually secure the data that’s being moved from legacy systems into more sophisticated platforms. While 96 percent said they know they will be working with sensitive data stored in some type of “advanced technology environment” this year, nearly half said they are deploying these environments before taking appropriate measures to upgrade data security.
More than half of surveyed respondents said they are most concerned about environmental security vulnerabilities linked to shared infrastructure and a lack of data location control. Nearly the same portion said they are worried about a security breach with their cloud services provider.
Internally, these professionals say privileged users pose the greatest data security threat, something that was cited by 61 percent of survey respondents, followed by executive staff (40 percent). Outside of the company, though, cybercriminals were cited by 51 percent of respondents as the top threat, followed by cyberterrorists and nation-states.
“While the financial sector has made substantial technological advances, it’s still tied to security solutions that worked in the past but aren’t necessarily the most effective at stopping modern attacks,” said 451 Research principal analyst for information security Garrett Bekker in a statement announcing the report. “There are a number of data security technologies — such as encryption and key management solutions — that could arguably do a better job of protecting data, particularly data being used in cloud, Big Data and IoT environments.”
Despite growing concerns over data breaches and clear gaps in financial service companies’ data security practices, researchers did find these players are aware of the value of encryption. Seventy percent of professionals surveyed agreed encryption would be their top strategy to address the more than 100 federal data privacy and sovereignty regulations in place today. In addition, 78 percent said they plan to increase IT security spending.
Despite this, though, data security seems to be lagging. And, according to Thales e-Security vice president of strategy Peter Galvin, this threat will continue into the foreseeable future.
“Data breaches continue to hit the headlines and, as recently illustrated by the Equifax breach, the financial services industry is a prime target for hackers,” Galvin stated. “As digitization continues to transform the industry’s online infrastructure, it is critical [that] organizations implement data security solutions that follow the data — wherever it is created, shared or stored.”
According to Thales, that means financial services organizations must invest in security solutions that provide automation and analytics and should deploy two-factor or multi-factor authentication solutions. Tools should focus on ease-of-use and provide encryption, enterprise key management and access control, the company added.