Companies in every industry must implement robust cybersecurity strategy and technology, but the need is even more urgent in certain sectors. Cybercriminals have various drivers: sometimes politically motivated, other times simply vengeful. However, the overwhelming motivation for a cyber attack is money.
That’s why the financial services industry is such an irresistible target. Many companies in this sector are tasked with safeguarding a treasure trove of financial data — and resources — for businesses and individual stakeholders. So, their cybersecurity practices need to be airtight.
Yet a new report from the cybersecurity firm Lookout suggests that outdated practices are putting this data at risk. Lookout is on the Acceleration Economy Top 10 Shortlist of Cybersecurity Enablers.
To understand the shifting sands of how mid-market and enterprise CXOs are making purchase decisions to modernize technology, consider Acceleration Economy’s “Selling to the New Executive Buying Committee,” a Course designed to assist vendors, partners, and buyers in this process.
For the report “Rising Complexity Is Putting Data at Risk: Why the Financial Services Industry Needs To Rethink Security,” Lookout surveyed 365 IT and global security leaders, 42% of which represent companies with upwards of 10,000 employees. This analysis presents findings from that report and the suggested actions to develop a more bulletproof strategy.
Financial Services Pain Points
Lookout explains the traditional approach to cybersecurity in the financial services industry as centralized, where the corporate perimeter is the frontline of security defenses, and users gain access to business-critical systems through managed devices. However, as the results of the survey reveal, this approach is outdated.
In today’s financial services environment, data isn’t contained to internal infrastructure; with the proliferation of cloud applications, data is dispersed; users, who often work remotely, connect to corporate systems via unmanaged networks and devices (bring your own device or BYOD) and often without the knowledge of administrators (shadow IT). Furthermore, hybrid infrastructure is making the task of securing the now borderless perimeter even more complex.
Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.
Results from the survey demonstrate how Lookout arrived at these conclusions:
- Of those surveyed, 82% described their organization’s current infrastructure as hybrid, with a mix of company data in the cloud and on-premises.
- The security environment has grown in complexity for 93% of respondents; 78% saw a slight change, while 15% saw significant growth in complexity.
- According to 55% of respondents, managing the complexity of multiple security tools and vendors is hindering their ability to protect data; 52% cited a lack of granular access controls; and 50% said visibility into cloud environments.
A more complex infrastructure gives attackers more opportunities to infiltrate systems, and this was reflected in the results of the survey:
- With regard to data breaches, 70% of respondents recorded an increase compared to previous years.
- Of those surveyed, 70% also reported having only partial visibility of who is viewing or using company data, while 16% reported scarce visibility. Partial visibility is defined as usually knowing which employees are viewing or using corporate data while scarce visibility is defined as sometimes knowing who has access to data, but there’s limited visibility into actual use.
- Among the factors reducing data visibility and control, 77% cited data sprawl across numerous applications, 61% cited shadow IT, and 43% indicated unmanaged devices and networks are a factor.
- The increased difficulty of detecting and mitigating threats is the biggest cloud data protection challenge, 47% said, while a mere 7% said they are highly confident in their ability to protect data from current and future cybersecurity threats.
Acceleration Economy practitioner analyst and CISO Chris Hughes has noted the ever-more-mobile workforce that characterizes most companies presents unique security challenges, consistent with concerns raised in the research around unmanaged devices and limited visibility into what data is being used and how. “Telemetry of access is going to be indicative of the behavior going on in an environment,” Hughes notes, and strong technology to manage mobile devices is an important factor when business and tech leaders evaluate vendors.
What’s the Solution?
Aaron Cockerill, Chief Strategy Officer at Lookout, explained some of the ways companies operating in the financial services industry need to change as shadow IT and BYOD practices proliferate.
“To effectively address this challenge, organizations need to acknowledge and confront the overconfidence bias that has traditionally driven a strict focus on data control,” Cockerill says.
In the past, these firms looked to keep data within boundaries and limit access to managed devices but that’s no longer practical. “Financial institutions must swiftly adapt and adjust their approaches to safeguard valuable data without compromising the productivity gains offered by the cloud-driven environment.”
