According to a survey by Verizon, the financial services industry experiences 35% of total data breaches. This is the highest percentage of any sector. It’s therefore unsurprising that many industry commentators are saying that cyber security is now a top priority.
The UK Government’s latest cyber security survey found that senior managers in the finance and insurance sectors were more likely to consider cyber security a priority than those working in other areas.
This focus seems to be paying off – a survey carried out by Accenture towards the end of 2018 found that cyber resilience in the financial services sector has improved, with businesses stopping 81% of attacks that year, compared to 66% in 2017.
However, there is still room for improvement – only 18% of firms responding to the survey claimed to have “significantly increased their cyber security spend over the past three years”. This is a worrying trend: as hackers continue to develop more advanced techniques, businesses will need to keep up with their defences.
We’re nearly halfway through 2019 and there are a number of key issues that have come to the forefront of data security:
1. IOT and BYOD insecurities
As the use of the Internet of Things increases, so will the risks to security. Hackers are able to take advantage of network insecurities caused by IOT and personal devices, including wearable tech. Smart devices with insufficient security act as unsecured end points that can be easily used by cyber criminals, while personal mobiles or smartwatches infected with viruses can spread them to a company’s system. Expect to see companies crack down as attacks become more widespread.
At the time of writing, the Information Commissioner’s Office (ICO) had fined 10 companies over £1 million in total during 2019. Although these have been issued under the Data Protection Act rather than under GDPR, they show that the organisation is actively pursuing breaches and issuing fines. At Coeo's latest Chief Data Officers' Network event, members discussed the disconnect between some compliance teams (who believe that proper data protection policy is in place) and technical staff (who question whether the policies are being applied). Companies need to ensure that not only are processes are in place but also that all staff are aware and actively following them.
Organisations can mitigate the risks of cyber-crime by ensuring all staff have basic training, and they may also choose to train their IT teams to combat a lack of in-house cyber security knowledge and help ensure critical systems are well protected. Ensuring that all staff are aware of tactics used by cyber criminals is especially important given the prevalence of phishing: at the start of 2019 80% of UK business that experienced an attack or breach were the victims of phishing scams.
Whilst attackers are using AI to hunt for vulnerabilities in company networks, organisations are now harnessing the tool to test for vulnerabilities to an even greater extent. Microsoft recently thwarted an attack using AI in Office 365.
The most important – and simplest – thing that your organisation can do is to make sure that all software is kept up to date. Yes, installing the latest updates to your laptop can seem time consuming, but they contain essential security patches that will protect you from attackers.
It’s also essential to carry regular reviews of cyber security controls and processes, to ensure that your business is doing everything it can to protect sensitive data. This is particularly important for ensuring you are compliant with standards such as GDPR.
As mentioned above, your business should also ensure that staff are aware of cyber security risks and what they can do to mitigate them, such as ensuring passwords are complex and avoiding phishing emails.
The security of your network and data storage itself are of prime concern when looking to protect sensitive data. Be aware of who has access to these networks and ensure end-points are adequately monitored. You’ll also need to ensure that you have security in place to prevent access to areas where data is stored.
Organisations running SQL Server 2008 and 2008 R2 should be aware that these will leave support in July 2019 and should look to migrate to platforms that will receive the necessary security patches to protect data.
Our team of consultants have a wealth of experience working with companies within the finance sector. We can help you design data platforms to ensure that they adhere to security best practice and meet industry regulations.
Our Dedicated Support team can work alongside your in-house team to manage SQL Server instances and ensure you are doing everything you can to restrict access to your data. The provide proactive monitoring 24/7, 365 days a year, to ensure that your systems are running at peak performance and that issues are dealt with as soon as they happen.