Global financial firms are deployoing IoT technologies at a rapid pace, but a majority of them are doing so without deploying adequate data security levels.
Half of all global financial firms have suffered data breaches in the past year, with cyber criminals topping the list of threats.
A survey conducted by leading cyber security and data security firm Thales has revealed that global financial firms are so much in haste to deploy cloud services, container solutions, and advanced IoT concepts, that almost 3 in 4 of them will do so even without having adequate levels of data security in place.
Financial firms in the UK that are willing to deploy cloud services without having adequate levels of security in place could fall foul of the upcoming data protection law. The law will empower the Information Commissioner’s Office to levy fines of up to £17 million, or 20% of global turnover, on firms that lose customer data as a result of non-compliance of data security practices.
‘While the financial sector has made substantial technological advances, it’s still tied to security solutions that worked in the past but aren’t necessarily the most effective at stopping modern attacks,’ said Garrett Bekker, principal analyst for information security at 451 Research.
‘There are a number of data security technologies – such as encryption and key management solutions – that could arguably do a better job of protecting data, particularly data being used in cloud, big data and IoT environments,’ he added.
A survey conducted by Thales in conjunction with 451 Research revealed that while 92% of global financial firms will deploy advanced technologies in the near future, as many as 73% will do so in advance of having appropriate levels of data security in place.
A majority of those (60%) who responded to the survey stated that they viewed privileged access as the principal insider threat to their firm’s data security. Almost half of them (48%) also felt that their firms’ executive staff were at fault and 38% believed third-party contractors played a role in data breaches suffered by their firms.
Among external threats, 40% of respondents said that they viewed cyber criminals as the biggest threat, followed by nation states, hacktivists and business competitors.
Despite such threats and the challenges posed by upcoming cyber security regulations like the GDPR in Europe and the DPL in the UK, only 42% will increase spending on data-in-motion and 40% on data at rest defenses, said Thales. The survey revealed that a majority of global financial firms will invest in network security and endpoint security solutions, despite the former two concepts proving more effective at preventing data loss.
‘As digitisation continues to transform the industry’s online infrastructures it is critical organizations implement data security solutions that follow the data – wherever it is created, shared or stored,’ said Peter Galvin, vice president of strategy at Thales e-Security.
Thales suggests that enterprises should select data security platforms that address a variety of use cases, emphasize ease-of-use, and offer encryption. At the same time, financial firms should invest in security tools that include automation to reduce complexity and implement security analytics and multi-factor authentication solutions to help identify potential threats.