What Financial Services Executives Need to Know About Data-Security

The financial services industry experiences 35% of all data breaches, earning it the unflattering title of the most-breached sector. It’s easy to understand why. 
 
The industry is known for its wide array of interconnected systems and the processing of millions of transactions, factors that render it particularly vulnerable to attack. As the threat, frequency and impact of these attacks increase, new legal risks emerge, including litigation and steep regulatory fines. 
 
In fact, according to a Forbes Insights/K&L Gates survey, the trends that present the most potential for legal risks include dealing with data (69%), cybersecurity (47%), a changing regulatory environment (46%), fraud protection (39%) and digital transformation (39%). 
 
Regulators are reacting quickly. For example, the US Securities and Exchange Commission recently issued new guidance calling for public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack occurs. 
 
Financial institutions are also stepping up to increase data security. For instance, 92% of the 200 US financial services executives surveyed by Forbes Insights are currently using encryption technology. But getting ahead of hackers requires knowing the dangers that lurk outside an organisation. Here are the top three threats facing the financial services industry:
 
1) Web Application Attacks
Financial institutions rely on business-critical web applications to serve customers, promote their services and connect to back-end databases. However, many of these applications are hosted online, making them easily accessible to hackers. Web application attacks range from buffer overflows to SQL injection, in which a hacker injects SQL statements into a data-entry field, tricking the system into revealing confidential data.
 
2) DDoS Attacks
Distributed denial of service (DDoS) attacks impair the performance of resources, such as servers, causing websites and applications to slow down or crash. The result: angry customers who are unable to access critical financial services when they need them most. For financial services firms, the repercussions can be even worse, including disrupted business flows, stolen data, damaged reputation and lost revenue.
 
3) Insider Threats
Beyond hackers, employees are among the top cybersecurity threats to financial institutions. Oftentimes, unwitting workers fall victim to phishing scams or accidentally download malware. However, disgruntled employees may collude with hackers by sharing their passwords or intentionally ignoring corporate cybersecurity protocol. Either way, insider threats can take months, sometimes years, to detect.
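
The SQL injection weakness described under Web Application Attacks comes down to how an application passes a data-entry field to its database. The following is an added example, not part of the original article: it contrasts a query built by string concatenation with a parameterized query, using an in-memory SQLite table whose name, columns and rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 1200), ("bob", 75000), ("o'neil", 50)],
    )
    return db


def lookup_concatenated(db, owner):
    """Weak pattern: the field value becomes part of the SQL text itself,
    so quote characters in it change the meaning of the statement."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, owner):
    """Hardened pattern: the statement is fixed and the field value is bound
    as data, so it can only ever be compared against the owner column."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()


def compare(db, field_value):
    """Run both lookups on one field value and report how many rows each returns."""
    result = {}
    for name, fn in (("concatenated", lookup_concatenated),
                     ("parameterized", lookup_parameterized)):
        try:
            result[name] = len(fn(db, field_value))
        except sqlite3.OperationalError:
            # The value broke the statement's syntax instead of being treated as data.
            result[name] = "query error"
    return result


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a name containing an apostrophe,
    # and a value that closes the quote and appends a condition that is always true.
    for value in ("alice", "o'neil", "x' OR '1'='1"):
        print(repr(value), compare(db, value))
```

With the concatenated query, the last input returns every row in the table and the legitimate name with an apostrophe fails outright; with the parameterized query, each input matches only an exact owner name.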
 
Safety Practice 
Amid increased exposure to these risks, financial institutions need to take measures to ensure greater data security and minimise legal exposure. To do so, consider the following steps:
 
• Draft internal policies, procedures and contractual provisions regarding the discovery, investigation, remediation and reporting of breaches.
• Obtain the right insurance coverage for various types of cyber risks and consider the adequacy of existing insurance programs.
• Partner with a third-party cybersecurity team that can help manage internet security and prevent cyberattacks and data breaches. 
 
In today’s hyper-connected, technology-driven financial services sector, data security breaches, DDoS attacks and insider threats are on the rise. However, executives in the industry can take action by educating themselves on the dangers ahead and taking the right precautionary measures.
 
Forbes
 