What Financial Services Executives Need to Know About Data-Security

The financial services industry experiences 35% of all data breaches, earning it the unflattering title of the most-breached sector. It’s easy to understand why. 
 
The industry is known for its wide array of interconnected systems and the processing of millions of transactions, factors that render it particularly vulnerable to attack. As the threat, frequency and impact of these attacks increase, new legal risks emerge, including litigation and steep regulatory fines. 
 
In fact, according to a Forbes Insights/K&L Gates survey, the trends that present the most potential for legal risks include dealing with data (69%), cybersecurity (47%), a changing regulatory environment (46%), fraud protection (39%) and digital transformation (39%). 
 
Regulators are reacting quickly. For example, the US Securities and Exchange Commission recently issued new guidance calling for public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack occurs. 
 
Financial institutions are also stepping up to increase data security. For instance, 92% of the 200 US financial services executives surveyed by Forbes Insights are currently using encryption technology. But getting ahead of hackers requires knowing the dangers that lurk outside an organisation. Here are the top three threats facing the financial services industry:
 
1) Web Application Attacks
Financial institutions rely on business-critical web applications to serve customers, promote their services and connect to back-end databases. However, many of these applications are hosted online, making them easily accessible to hackers. Types of web application attacks range from buffer-overflows to SQL injection attacks, in which a hacker injects SQL statements into a data-entry field, tricking the system into revealing confidential data.
 
2) DDoS Attacks
Distributed denial of service (DDoS) attacks impair the performance of resources, such as servers, causing websites and applications to slow down or crash. The result: angry customers who are unable to access critical financial services when they need them most. For financial services firms, the repercussions can be even worse, including disrupted business flows, stolen data, damaged reputation and lost revenue.
 
3) Insider Threats
Beyond hackers, employees are among the top cybersecurity threats to financial institutions. Often-times, unwitting workers fall victim to phishing scams or accidentally download malware. 
However, disgruntled employees may collude with hackers by sharing their passwords or intentionally ignoring corporate cybersecurity protocol. Either way, insider threats can take months, sometimes years, to detect.
 
Safety Practice 
Amid increased exposure to these risks, financial institutions need to take measures to ensure greater data security and minimise legal exposure. To do so, consider the following steps:
 
• Draft internal policies, procedures and contractual provisions regarding the discovery, investigation, remediation and reporting of breaches.
• Obtain the right insurance coverage for various types of cyber risks and consider the adequacy of existing insurance programs.
• Partner with a third-party cybersecurity team that can help manage internet security and prevent cyberattacks and data breaches. 
 
In today’s hyper-connected, technology-driven financial services sector, data security breaches, DDoS attacks and insider threats are on the rise.  However, executives in the industry can take action by educating themselves on the dangers ahead and taking the right precautionary measures.
 
Forbes
 
You Might Also Read:
 
5 Cyber Threats Executives Should Understand:
 
 
« The US Pentagon Has Numerous Security Gaps
GCHQ Introduces Women Only Cybersecurity Training »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYBER 1

CYBER 1

CYBER 1 provides cyber security solutions to customers wanting to be resilient against new and existing threats.

Cyber Craft

Cyber Craft

CyberCraft is an innovative and dynamic software development, outsourcing and consulting company. Services offered include penetration testing.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

MPC Alliance

MPC Alliance

A consortium of developers and practitioners of multiparty computation (MPC), committed to accelerating market awareness and adoption of MPC to increase the security and privacy of online services.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

Nucleus Security

Nucleus Security

Nucleus is a leading Vulnerability Management platform for Large Enterprises, MSPs/MSSPs, and Application Security Teams that want more from their vulnerability management tools.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

US Army Cyber Command (ARCYBER)

US Army Cyber Command (ARCYBER)

US Army’s Cyber Command (ARCYBER) is engaged in the real-world cyberspace fight today, against near-peer adversaries, ISIS, and other global cyber threats.

Buchanan & Edwards

Buchanan & Edwards

Buchanan & Edwards delivers forward-focused technology solutions that help our clients transform the way they perform their missions.

QA Consultants

QA Consultants

QA Consultants is North America’s largest software quality engineering services firm, an award-winning onshore provider of software testing and quality assurance solutions.

Cyber Legion

Cyber Legion

Cyber Legion Ltd is a UK-based Cyber Security as a Service (CSaaS) start-up that provides IT security testing services to various organizations around the globe.

Cyberani Solutions

Cyberani Solutions

Cyberani Solutions was created to fulfill the cybersecurity needs of industry and government in Saudi Arabia, and across the Middle East and North Africa regions.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.

ReformIT

ReformIT

ReformIT is a Managed IT Service and Security provider with many years experience helping companies find the right IT solutions to meet the needs of their businesses.