By Barry Cashman, Regional Vice President for UKI at Veritas Technologies
As the Greek philosopher, Heraclitus, is famously quoted saying, “change is the only constant in life”. This was all too true when businesses were faced with a global pandemic that no one could have seen coming. In order to adapt and keep afloat during such unprecedented times, businesses needed to innovate fast, but their security measures struggled to keep pace. Financial services organisations were especially stretched by these challenges, as employees shifted to new remote working patterns, more services moved online, and new products were introduced at speed, without the necessary steps taken to ensure all the new technologies that were added were protected.
This created a ‘vulnerability lag’, where systems and data have been left unprotected and open to attack. And while businesses were right to prioritise continuity for customers and empowering the shift to remote working, the time has come to redress the balance between rapid innovation and security, to protect from increasingly sophisticated cybercriminals.
The hard facts
Cybercrime is set to cost the global economy $10.5 trillion annually by 2025. Industry research reveals that, in the UK, the average cost of a ransomware attack is around £1.5 million. All things considered – the potential regulatory penalties, the impact of downtime, the cost of losing data that may be irretrievable – the financial repercussions for failing to protect your data could be crippling.
But the cost of an attack often goes far beyond the monetary value a company will pay out in potential ransom payments and penalties for regulatory non-compliance. Trust is the biggest loss a company could ever face – when customers lose their trust in an organisation to secure and protect their data, it’s very difficult to win it back, especially for an industry such as financial services.
Building an industry on collecting and using highly sensitive customer data is a double-edged sword – while financial services companies can take advantage of a vast pool of valuable customer data to offer personalised services and explore new revenue streams, if this data falls into the wrong hands, it could damage livelihoods beyond repair. This makes the industry a very attractive target for cybercriminals.
Many financial services organisations globally are not managing their data as well as they could be. According to recent Veritas research, companies in the financial services space are more likely to be struggling to keep pace with their security than those from most other sectors, with nearly half (48%) stating that their data security is lagging behind their digital transformation deployments. The average across all industries is 39%.
Further, financial services organisations that want to eliminate their vulnerability lag within a year would need to spend on average an additional £1.99 million and hire 29 new members of IT staff each. £1.99 million is 5% more than the average required across all sectors, which may be disappointing news for IT leaders in the sector, given that they already typically spent 19% more than their peers on IT initiatives last year.
Surviving any kind of ransomware attack always starts with understanding your data – what it is, where it is and what it’s worth. Yet, most businesses lack clarity about the data they might need to protect, with the average UK organisation admitting that 39% of the data their organisation was storing is “dark” – that is to say, they don’t know what it is – and that a further 51% is Redundant, Obsolete or Trivial (ROT).
A light at the end of the tunnel
While the pressures that rapid digital transformation put on IT departments weren’t unique to the financial services sector, its position as a highly attractive target to hackers may have meant that the industry has felt them more acutely. With hackers beating at the door and limited resources to push them back, as well as tightening industry regulations, it can feel like the IT teams are between a rock and a hard place.
But astute IT leaders are partnering with data protection providers that can minimise the admin burden of data protection through simplified tools leveraging artificial intelligence (AI) and machine learning (ML). Taking this approach can help financial services organisations accelerate their security rollouts and stop their protection infrastructure from lagging behind their digital transformation.
Allowing AI and ML to take on the time-consuming manual processes also enables skilled IT team members to focus on innovation projects, rather than on playing ‘catch up’. Ultimately, these processes can still be human-governed, with AI doing the leg work.
Despite any company’s best efforts, ransomware attacks are a matter of ‘when’ rather than ‘if’, so knowing ‘when’ becomes absolutely critical. What distinguishes one victim from another is their ability to resist and bounce back.