What Financial Services Executives Need to Know About Data-Security

Uploaded on 2019-01-23 in FREE TO VIEW, BUSINESS-Services-Financial, NEWS-Cybersecurity News

The financial services industry experiences 35% of all data breaches, earning it the unflattering title of the most-breached sector. It’s easy to understand why. 
 
The industry is known for its wide array of interconnected systems and the processing of millions of transactions, factors that render it particularly vulnerable to attack. As the threat, frequency and impact of these attacks increase, new legal risks emerge, including litigation and steep regulatory fines. 
 
In fact, according to a Forbes Insights/K&L Gates survey, the trends that present the most potential for legal risks include dealing with data (69%), cybersecurity (47%), a changing regulatory environment (46%), fraud protection (39%) and digital transformation (39%). 
 
Regulators are reacting quickly. For example, the US Securities and Exchange Commission recently issued new guidance calling for public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack occurs. 
 
Financial institutions are also stepping up to increase data security. For instance, 92% of the 200 US financial services executives surveyed by Forbes Insights are currently using encryption technology. But getting ahead of hackers requires knowing the dangers that lurk outside an organisation. Here are the top three threats facing the financial services industry:
 
1) Web Application Attacks
Financial institutions rely on business-critical web applications to serve customers, promote their services and connect to back-end databases. However, many of these applications are hosted online, making them easily accessible to hackers. Types of web application attacks range from buffer-overflows to SQL injection attacks, in which a hacker injects SQL statements into a data-entry field, tricking the system into revealing confidential data.
 
2) DDoS Attacks
Distributed denial of service (DDoS) attacks impair the performance of resources, such as servers, causing websites and applications to slow down or crash. The result: angry customers who are unable to access critical financial services when they need them most. For financial services firms, the repercussions can be even worse, including disrupted business flows, stolen data, damaged reputation and lost revenue.
 
3) Insider Threats
Beyond hackers, employees are among the top cybersecurity threats to financial institutions. Often-times, unwitting workers fall victim to phishing scams or accidentally download malware. 
However, disgruntled employees may collude with hackers by sharing their passwords or intentionally ignoring corporate cybersecurity protocol. Either way, insider threats can take months, sometimes years, to detect.
 
Safety Practice 
Amid increased exposure to these risks, financial institutions need to take measures to ensure greater data security and minimise legal exposure. To do so, consider the following steps:
 
• Draft internal policies, procedures and contractual provisions regarding the discovery, investigation, remediation and reporting of breaches.
• Obtain the right insurance coverage for various types of cyber risks and consider the adequacy of existing insurance programs.
• Partner with a third-party cybersecurity team that can help manage internet security and prevent cyberattacks and data breaches. 
 
In today’s hyper-connected, technology-driven financial services sector, data security breaches, DDoS attacks and insider threats are on the rise.  However, executives in the industry can take action by educating themselves on the dangers ahead and taking the right precautionary measures.
 
Forbes
 
You Might Also Read:
 
5 Cyber Threats Executives Should Understand:
 
 
« The US Pentagon Has Numerous Security Gaps
GCHQ Introduces Women Only Cybersecurity Training »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

High Technology Crime Investigation Association (HTCIA)

High Technology Crime Investigation Association (HTCIA)

HTCIA was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Cryptus Cyber Security

Cryptus Cyber Security

Cryptus Cyber Security is an Information Security Training company providing advanced training and services to IT Professionals.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

BeOne Development

BeOne Development

BeOne Development provide innovative training and learning solutions for information security and compliance.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

Industrial Networking Solutions (INS)

Industrial Networking Solutions (INS)

INS Services specializes in designing, deploying and providing on-going support for critical OT (Operational Technology) and IIoT (Industrial Internet of Things) networks.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

Get Safe Online

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

Axiado

Axiado

Axiado Corporation is a security processor company redefining hardware root of trust with hardware-based security technologies, including per-system AI.

SolidRun

SolidRun

SolidRun is a leading provider of computing and network technology designed to streamline the deployment of edge computing infrastructure and support embedded and IoT markets.

Slamm Technologies

Slamm Technologies

Slamm Technologies is a trusted IT firm that offers Cyber Security Support, Corporate IT Solutions and Professional IT Training courses with international certification.

NSI Global

NSI Global

NSI Global is a specialist Global Risk and Intelligence Advisory Firm that has built a reputation for consistently managing complex projects.

eGyanamTech (EGT)

eGyanamTech (EGT)

eGyanamTech provides robust security solutions tailored for Operational Technology (OT) and Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure systems.