Connect with us
Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

TECHNOLOGY

Selfie-awareness: the cyber risk going undetected in banks

Selfie-awareness: the cyber risk going undetected in banks

By Ben Bulpett, EMEA Identity Platform Director, SailPoint

The nature of the financial services industry is evolving rapidly. Accelerated by the impact of COVID, the digital customer experience has become a key differentiator for banks, particularly as big players seek to stay relevant against more nimble challenger counterparts. One method in particular is the use of selfies for identity verification. Monzo has offered this for some time, requesting a selfie video, taken from a smartphone, as part of the customer application process. Now, the industry is more widely adopting the approach for ease and convenience – just last month, the Financial Conduct Authority began allowing selfies as a valid form of identity verification.

But this raises cyber security concerns that mustn’t be ignored – especially given how much of a target banks are for criminals seeking to get their hands on lucrative assets. Selfies, videos, audios, even email files, add to the millions of sensitive financial and personally identifiable information which financial institutions are processing each day. Such data is unstructured – where organisations lack real visibility into where the data lives, and who owns it. All of this leads to security vulnerabilities, paving the way for hackers to get their hands on sensitive information without being detected.

So, how can banks effectively mitigate against these risks?

Into the unknown 

Securing unstructured data is relatively new territory for organisations. Our recent research, where 16% of the respondents came from financial services, found three quarters (76%) had encountered challenges with protecting unstructured data. This included unauthorised access, data loss and compliance fines. What’s more, almost every company surveyed reported difficulties in managing access to unstructured data, citing not just lack of visibility, but also too much data and a lack of single access solution for multiple repositories. 40% admitted to not knowing where the unstructured data was stored.

Banks cannot afford to be caught out by unstructured data. Companies may be spending record sums on cybersecurity to protect the digital transformation that has accelerated so rapidly over the past year – but it’s a wasted effort if the most pressing threats like unstructured data aren’t properly attended to. And these threats are evolving in new and sophisticated ways – last year, fake audio and video content ranked in the top 20 ways criminals use AI.

Securing unstructured data with identity

Organisations must maximise visibility into where vulnerabilities lie. Crucial to this is prioritising user access rights across all data – structured and unstructured. Our research found this is currently not the case, with one-third of companies lacking real-time alerts when unauthorised access occurs within unstructured data, and a quarter of companies failing to perform regular reviews of user access privileges. Without visibility over who has access to what, and when, hackers could be operating unnoticed.

To combat this threat, identity security must be extended at the implementation stage to manage data access. This security practice ensures security and compliance – automatically – while feeding real-time alerts to the IT team where potential vulnerabilities lie – making them far better equipped to monitor for or respond to a breach.

We recently worked with South African financial institution Nedbank to protect unstructured data on file shares and other sites across the organisation. This meant replacing disparate legacy systems with an identity platform which regularly automates access reviews. This is helping data owners to manage secure access to their data – providing a clear picture of where different types of data resides, and who from their workforce has access to what. With safe and secure access provided to over 33,000 people, Nedbank is now far better equipped to monitor for or respond to a breach.

Visibility across all access points

Unstructured data about customers will continue to be created as banks build on the digital customer experience. But it is crucial financial institutions recognise and deal with the risks, prioritising this in the same way as meeting constantly evolving regulatory demands. To ensure protection of data, banks must have visibility and governance across all potential access points.

Continue Reading