
By Martin Ward, Director, Security Governance Risk and Compliance, iManage

Sensitive data is the coin of the realm for financial services firms. Unfortunately, this makes them a prime target for bad actors of every stripe who are looking to get their hands on that data.

A recent security report indicates that cyber-attacks continue to plague the financial services sector, with ransomware attacks making up a vast portion of the reported security incidents. Meanwhile, at a gathering earlier this year of the chief executives of the six largest banks in the United States, cybersecurity was named as the greatest threat to their companies and the wider financial system.

Given this unforgiving landscape, how can firms best mitigate and guard against the persistent threats to their data?

Understanding Where Risk Actually Lies

One of the first steps firms should take is to carefully scrutinise the cloud services they’re utilising. That’s because as more and more financial services firms have embraced the cloud, a transference of risk has occurred: out of the organisation to the cloud vendor, with the cloud vendor responsible for the lion’s share of security controls.

The bad guys are aware of this shift, and they’re adjusting their attack methodologies accordingly, to focus on the weak links in the supply chain. For instance, how are IT services being delivered? What platforms are being leveraged? Who’s providing IT support for the service?

By taking the time to understand the ins and outs of those IT services and where the weak points are, bad actors have a better chance of successfully targeting the sensitive data that the services manage. Incidentally, this is the same general strategy that was employed in the SolarWinds hack earlier this year that targeted government agencies and Fortune 500 companies alike.

Since 85% of all data breaches involve some type of social engineering or human element, the ability of a cloud vendor to mitigate that element is one of the most important areas to scrutinise. Clouds that are built around a Zero Trust model are – to a large extent – able to engineer out this human element. A Zero Trust framework assumes absolutely no level of trust, whether that’s trust of networks, trust between host and applications, or even trust of super users or administrators.

The effectiveness of this Zero Trust framework, however, is dependent upon it also incorporating a Zero Touch approach. Zero Touch uses automation to take the human out of the equation for everything from routine server maintenance and patching, to more advanced troubleshooting.

This “hands off” approach ensures that no human actually has hands-on access to sensitive data, helping to “automate out” the weakest link – and giving financial services firms greater confidence that the service they’re utilising on a daily basis is secured at the highest possible levels.

Safeguarding Remote Work

The risk that the “human element” presents isn’t limited to the cloud vendors that financial services utilise. Financial services firms also need to make sure they’re protecting against any intentional or unintentional damage that the consumers of those cloud services – their employees – might potentially cause.

Mitigating this element has become considerably more difficult over the last 18 months since large numbers of those employees have been working remotely, outside the four walls of the firm, which greatly increases the risk level.

For starters, home networks are inherently less secure than corporate networks. They simply don’t have the same security controls in place – which means the likelihood of some type of malware getting on that home network and then providing a backdoor into the corporate environment increases. In fact, users are three and a half times more likely to have malware on their home PCs than on their office devices. All it takes is one wrong click on a carefully crafted spear phishing email or text message for malware to propagate across the system.
