What Financial Services Executives Need to Know About Data-Security

The financial services industry experiences 35% of all data breaches, earning it the unflattering title of the most-breached sector. It’s easy to understand why. 
 
The industry is known for its wide array of interconnected systems and the processing of millions of transactions, factors that render it particularly vulnerable to attack. As the threat, frequency and impact of these attacks increase, new legal risks emerge, including litigation and steep regulatory fines. 
 
In fact, according to a Forbes Insights/K&L Gates survey, the trends that present the most potential for legal risks include dealing with data (69%), cybersecurity (47%), a changing regulatory environment (46%), fraud protection (39%) and digital transformation (39%). 
 
Regulators are reacting quickly. For example, the US Securities and Exchange Commission recently issued new guidance calling for public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack occurs. 
 
Financial institutions are also stepping up to increase data security. For instance, 92% of the 200 US financial services executives surveyed by Forbes Insights are currently using encryption technology. But getting ahead of hackers requires knowing the dangers that lurk outside an organisation. Here are the top three threats facing the financial services industry:
 
1) Web Application Attacks
Financial institutions rely on business-critical web applications to serve customers, promote their services and connect to back-end databases. However, many of these applications are hosted online, making them easily accessible to hackers. Types of web application attacks range from buffer-overflows to SQL injection attacks, in which a hacker injects SQL statements into a data-entry field, tricking the system into revealing confidential data.
 
2) DDoS Attacks
Distributed denial of service (DDoS) attacks impair the performance of resources, such as servers, causing websites and applications to slow down or crash. The result: angry customers who are unable to access critical financial services when they need them most. For financial services firms, the repercussions can be even worse, including disrupted business flows, stolen data, damaged reputation and lost revenue.
 
3) Insider Threats
Beyond hackers, employees are among the top cybersecurity threats to financial institutions. Often-times, unwitting workers fall victim to phishing scams or accidentally download malware. 
However, disgruntled employees may collude with hackers by sharing their passwords or intentionally ignoring corporate cybersecurity protocol. Either way, insider threats can take months, sometimes years, to detect.
 
Safety Practice 
Amid increased exposure to these risks, financial institutions need to take measures to ensure greater data security and minimise legal exposure. To do so, consider the following steps:
 
• Draft internal policies, procedures and contractual provisions regarding the discovery, investigation, remediation and reporting of breaches.
• Obtain the right insurance coverage for various types of cyber risks and consider the adequacy of existing insurance programs.
• Partner with a third-party cybersecurity team that can help manage internet security and prevent cyberattacks and data breaches. 
 
In today’s hyper-connected, technology-driven financial services sector, data security breaches, DDoS attacks and insider threats are on the rise.  However, executives in the industry can take action by educating themselves on the dangers ahead and taking the right precautionary measures.
 
Forbes
 
You Might Also Read:
 
5 Cyber Threats Executives Should Understand:
 
 
« The US Pentagon Has Numerous Security Gaps
GCHQ Introduces Women Only Cybersecurity Training »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Open Systems International (OSI)

Open Systems International (OSI)

Our innovative Operations Technology (OT) solutions are highly scalable and can be deployed by various utility companies to monitor, control and optimize their real-time operations.

LaoCERT

LaoCERT

LaoCERT is the national Computer Incident Response Team for Laos.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

Flix11

Flix11

Flix11 is a Cyber Security & ICT Solutions focused company. We provide a range of products and services in Cyber Security, Internet of Things (IoT) and infrastructure solutions.

INE

INE

INE is a premier provider of Technical Training for the IT industry.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

Auriga

Auriga

Auriga create innovative software and have become a benchmark for high quality banking software including cyber security solutions to protect business critical devices.

Three Wire Systems

Three Wire Systems

Three Wire is a leader in innovative and efficient technology solutions for government agencies and large enterprise corporations.

Edge Security

Edge Security

Edge Security is an information security research and consulting firm of expert hackers.

Trickest

Trickest

Trickest enables Enterprises, MSSPs, and Ethical Hackers to build automated offensive security workflows from prototype to production.

Nuke From Orbit

Nuke From Orbit

Nuke's mission is to put you back in control of your digital identity when your smartphone gets stolen.

Viatel Technology Group

Viatel Technology Group

Viatel Technology Group is a complete digital services provider. We have over 26 years’ experience delivering fully managed security, networking, cloud and communications services.

Security4Media

Security4Media

Security4Media is a non-profit association set up to reduce risks and support trust in media, in the face of increasing cybersecurity threat levels.

Sola Security

Sola Security

Sola Security is a cyber security startup company currently in Stealth mode.