

By Paul Darby, Regional Manager EMEA, Vidder


Over the last few months, a number of legislative and regulatory changes in relation to the threat of cyberattacks have been announced that will affect bank clearing houses in the UK. From May 2018 they will be required to complete regular cybersecurity reports, putting regulations more in line with EU directives around critical infrastructure. This follows the finalisation, in 2016, of a new Network and Information Security Directive (NIS) which sets out cybersecurity obligations, including incident reporting, for operators of essential services and digital service providers.

While there remains uncertainty over exactly how the NIS will impact firms operating in banking and financial services, the message is clear: cybersecurity presents an increasing risk, and companies across the financial sector need to take it even more seriously as attacks become more sophisticated.

According to the Verizon 2017 Data Breach Investigations Report, 24% of all breaches are in the financial services industry. Despite the fact that cyberattacks are on the increase and there is considerably more attention given in the media to the risk of ransomware in particular, too many organisations are still using security solutions that were architected before the emergence of state-sponsored attacks that can spread globally in days. The report claims that companies are choosing to accept the risk of an attack that will necessitate a ransom payment instead of investing in suitable security precautions.

Part of the difficulty in protecting against cyberattacks is that traditional security systems have become less able to protect today’s networks. Finance companies, like other enterprises, benefit from the digital revolution which allows employees, partners and customers to access information remotely and through a wide variety of devices. To keep this access secure, the solutions tend to focus on traditional network and perimeter chokepoints, forcing security managers to focus their resources on constantly tuning firewalls whilst maintaining larger access control lists with more complex access policies as networks grow in complexity. Yet once a device or user account has been compromised, predatory malware can migrate behind the perimeter and breach sensitive systems as witnessed with the recent Petya and WannaCry attacks.

But networks are moving into the cloud, which means that security processes need to change to match even more complex enforcement requirements, putting more pressure on security solutions and those who administer them.

Traditional network and endpoint security solutions are no longer enough to protect critical applications from untrusted users and devices, whether they are local or remote. With the exponential growth of access points, the control of access at the perimeter of the network is the most effective approach for the protection of data and critical services, yet the very notion of the perimeter is changing due to digitalization and IoT. Unless they can block untrusted users and devices from the larger and more complex network, security departments are forced to address breaches reactively, which is less efficient and more expensive, and gives hackers a first-mover advantage.

One way to control access and address growing cyber threats is to put in place more advanced trust criteria. Trusted Access Control, powered by software defined perimeter (SDP) and trust assessment technology, will allow banks, clearing houses, insurance companies and all other organisations with critical financial data to secure their networks with a single layer of protection that combines access enforcement with trust assessment. Access is granted based on trust via application-specific tunnels which are opened to specific services after trust is determined.

The result is enhanced security with less complexity and cost, versus adding more layers of hardware that cannot combine trust assessment with enforcement and therefore reduce protection while further increasing operating demands and making compliance audits more difficult.

Trusted Access Control has some significant benefits in this new reality of complex networks and advanced attacks. It is scalable and suits hybrid, growing networks. It centrally manages secure access from device and user to a specific application based on trust. It enables very granular access policies based on both a user and a device profile that are taken at the time the specific access is requested. Another advantage is that Trusted Access Control can protect applications regardless of where they reside – on premise, in a hybrid cloud and even in a public cloud.

As the industry is forced to withstand increasingly damaging cyberattacks, the necessity to find a solution that allows organisations to move away from a reactive to a more proactive and powerful approach becomes even greater. Tightening up controls by making access to critical systems based on trust assessment could not only provide a transformation in protection levels but also deliver a key strategic advantage by reducing cost and complexity.
