Financial institutions’ data at risk despite security spending

The rush to embrace innovative technologies is creating new attack surfaces through cloud, internet connected devices (internet of things), mobile, blockchain, machine learning and artificial intelligence (AI), according to a report by Thales eSecurity.

Digital transformation is driving turmoil among global financial services organisations and leaving sensitive data at risk, the latest Thales data threat report shows.

The report echoes the findings of a recent report by the UK Financial Conduct Authority (FCA), which said technology plays a pivotal and often innovative role in delivering and improving financial products and services to markets and customers, but it can also lead to harm if not effectively managed or kept secure.

Thales research reveals that despite a 78% increase in security spending, 65% of global financial institutions known to have been breached, with 28% reporting a breach in the past year alone.

According to the report, while new technologies help meet the increased consumer and business demands for improved services and experience, they also open up new avenues for attacks and breaches.

The report notes that cloud usage with sensitive data is especially high in the financial services industry at 76%. Multiple cloud usage is also high with 60% of organisations using more than 25 software as a service (SaaS) applications and 56% using three or more infrastructure as a service (IaaS) suppliers, creating new challenges to securing data across multiple cloud deployments.

The research shows that while security spending is up, it is not aligning with the new risks. For example, the majority (72%) of IT security pros acknowledge data-at-rest defences are most effective at protecting data, but the report said only 38% registered a spending increase for those specific tools.

Garrett Bekker, principal analyst for information security at 451 Research said a common theme observed across virtually every vertical and geographic market also held true for financial services.

“The financial sector is also spending the most on defenses deemed least effective. This creates a Groundhog Day phenomenon where the times have changed, but security strategies have not.

“Organisations need to change how they protect their data. With increasingly porous networks and expanding use of external resources such as SaaS and IaaS, traditional endpoint and network security are no longer sufficient safeguards. The good news is that the financial services industry understands the problem and recognises the need for encryption to protect sensitive data.”

The Thales research shows that 44% of financial sector respondents recognise encryption as the top tool required to increase cloud usage, while half of respondents recognise that managing encryption keys across multiple-cloud environments is a problem that needs to be solved.

Peter Galvin, chief strategy officer at Thales eSecurity said digital transformation as well as the increased number and sophistication of attacks, all combine to leave the data belonging to financial services organisations at risk.

“Encryption is proven to be the most effective technology to protect data, wherever it resides, as well as help meet compliance mandates. As new technologies such as cloud IoT and mobile payments are increasingly adopted by financial organisations looking for a competitive edge, the security risks they bring must be addressed.”