Data breaches in Financial Services on the rise globally

Almost half (49%) of global financial services organizations have experienced a data breach in the past, according to the 2017 Thales Data Threat Report, Financial Edition, released today. The report, issued by Thales, a leader in critical information systems, cybersecurity and data security, in conjunction with analyst firm 451 Research, also reveals 21% have been breached multiple times and that 90% feel somewhat or more vulnerable to data threats. As a result, 78% are increasing spending to protect their critical data.

Financial services organizations are engaging in digital transformation making the leap from legacy applications to technologies and applications that reflect changing consumer preferences and marketplace pressures. These changes have created new data security challenges. This year’s findings reflect an industry contending with an evolving regulatory landscape, digital transformation involving new technological demands and being a continued threats from  cybercrime:

•  Almost all (92%) of global financial services respondents will deploy advanced technologies (IoT, cloud, big data and container solutions) this year, yet almost three-quarters (73%) do so in advance of having appropriate levels of data security in place
• 60% of global financial services respondents cite privileged users as the biggest insider threat, followed by executive staff (48%) and contractors (38%)
• At 40%, cybercriminals top the list as the top external threat actor, followed by nation-states (18%), hacktivists (16%) and business competitors (13%)
• 53% will increase investments in network security and 64% in endpoint security solutions, while only 42% will increase spending on data-in-motion and 40% on data at rest defenses – despite its proven effectiveness at preventing data breaches
• Almost two-thirds (72%) of global financial services respondents say they are affected by data privacy regulations (such as the GDPR in Europe), and 66% say encryption is the top control planned to address these requirements
• Almost half (49%) would increase their cloud deployments if cloud service providers (CSPs) offered encryption in the cloud with enterprise key control, and 42% say encryption is the top security control needed to increase container usage

 Garrett Bekker, principal analyst for information security at 451 Research says:
“While the financial sector has made substantial technological advances, it’s still tied to security solutions that worked in the past but aren’t necessarily the most effective at stopping modern attacks. There are a number of data security technologies – such as encryption and key management solutions – that could arguably do a better job of protecting data, particularly data being used in cloud, big data and IoT environments.”

Peter Galvin, vice president of strategy, Thales e-Security says:
“Data breaches continue to hit the headlines and, as recently illustrated by the Equifax breach, the financial services industry is a prime target for hackers. As digitization continues to transform the industry’s online infrastructures it is critical organizations implement data security solutions that follow the data – wherever it is created, shared or stored.”

Best practices and recommendations

Financial services organizations seeking ways to meet compliance and adopt advanced technologies—all while remaining secure—should:

• select data security platforms that address a variety of use cases, emphasize ease-of-use, and offer encryption, enterprise key management, access control and security intelligence to avoid the intricacy and high costs of implementing multiple data-security solutions;
• invest in security tools that include automation to reduce complexity; and
• implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use.

Please download a copy of the new 2017 Thales Data Threat Report, Financial Edition for more detailed security best practices.