Rush to embrace innovative technologies is creating new attack surfaces via cloud, IoT, mobile, blockchain, machine learning and AI
Thales, a leader in critical information systems, cybersecurity and data security, announces that digital transformation is driving turmoil among U.S. financial services organizations and leaving sensitive data at risk according to its 2018 Thales Data Threat Report, Financial Services Edition.
Digital transformation brings risk with reward
The U.S. financial services industry has hastily entered the digital transformation era, but this is not balanced with appropriate security measures. Almost two thirds (65%) of U.S. financial services organizations have now suffered a data breach, with 36% having suffered a breach in the past year – and that figure has more than doubled in the past two years.
Every piece of information used to run a financial services business creates risk – financial data in accounts and investments, personal data on account holders. Add to that new technologies including cloud, containers, mobile payments, blockchain, IoT, machine learning and AI – and while these might help meet the increased consumer and business demands for improved services and experience, the industry opens itself up to new avenues for attacks and breaches.
Cloud usage with sensitive data is especially high in the financial services industry at 85%. Multiple cloud usage is also high with 64% of organizations using more than 25 SaaS applications and 57% using 3 or more IaaS vendors. This creates a new problem of how to secure data cross multiple cloud deployments.
Stop Groundhog Day: put the money where the risk is
Security spending is up but not aligning with the new risks. While 84% of organizations report a spending increase on IT security, and 33% registering a significant increase, they are not spending IT security dollars where they matter most. The majority (88%) of IT security pros acknowledge data-at-rest defenses are most effective at protecting data, but only 58% registered a spending increase for those specific tools. Fifty-six percent recognized encryption as the top tool required to increase cloud usage and 71% recognize that managing encryption keys across multi-cloud environments is a problem that needs to be solved.
Garrett Bekker, principal analyst for information security at 451 Research says:
“A common theme we have observed across virtually every vertical and geographic market in the Thales 2018 Global Data Threat Report also held true for U.S. financial services: namely spending the most on defenses deemed least effective. This creates a Groundhog Day phenomenon where the times have changed, but security strategies have not. Organizations need to change how they protect their data. With increasingly porous networks and expanding use of external resources (SaaS, PaaS and IaaS most especially), traditional endpoint and network security are no longer sufficient safeguards. The good news is that the financial services industry understands the problem and recognizes the need for encryption to protect sensitive data.”
Peter Galvin, chief strategy officer, Thales says:
“Digital transformation as well as the increased number and sophistication of attacks, all combine to leave the data belonging to financial services organizations at risk. Encryption is proven to be the most effective technology to protect data, wherever it resides, as well as help meet compliance mandates. As new technologies such as cloud IoT and mobile payments are increasingly adopted by financial organizations looking for a competitive edge, the security risks they bring must be addressed.”