Ashesh Thanawala | Sales Director – India & SAARC
In an unprecedented global crisis such as COVID-19, organisations that have implemented new technologies and put together a cohesive approach to their business continuity and crisis management planning seem to be faring a lot better.
This is particularly true for financial institutions that now face new cybersecurity challenges due to the pandemic. As per the latest Modern Bank Heists Report, the COVID-19 pandemic has been connected to a whopping 238% surge in cyberattacks against banks across the globe.
Since a data breach can significantly impact multiple functions within an organisation, data protection should be the responsibility of every department in addition to the executive team to ensure seamless business continuity.
To illustrate this further, here is how data breaches can affect crucial functions in a financial institution:
1. Finance
According to the ‘2019 Cost of a Data Breach Report’ conducted by the Ponemon Institute, the average cost of a data breach is slated at USD 3.92 million globally and USD 1.80 million in India. These numbers are testimony to the significant financial damage any incident of a data breach can cause to an organisation.
2. Legal
Most data protection regulations like General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), Reserve Bank of India’s Gopal Krishna Committee Report, etc. mandate strict processes to be followed for protecting sensitive data and prescribe stringent penalties for non-adherence.
Non-compliance to these legal mandates can cost a company dearly as recently experienced by Italian telecommunications operator TIM that was slapped with a penalty of €27.8 million by Italian Data Protection Authority, Garante, for GDPR violation.
In India, the upcoming Personal Data Protection Act prescribes a stiff penalty of four percent of a company’s global turnover or Rs. 15 crores; whichever is higher, for non-compliance to regulatory mandates of data protection.
3. Line of Business (LoB)
Data breaches can drastically compromise core business applications like credit management systems, customer relationship management (CRM) systems, credit/debit card database systems, etc. The unavailability of these critical applications (which are often targeted by hackers) can cause a significant loss of customer trust and business.
With such a backdrop, it is paramount for financial institutions to build their cyber resilience with appropriate tools and solutions.
The Way Forward
Mitigating data risks depends on strategic investments in data protection technologies and adopting best practices in cybersecurity.
Here are three best practices to build immaculate cybersecurity for optimal enterprise data protection.
1. Encrypt Sensitive Data
Search the file servers, applications, databases, and virtual machines for data-at-rest and track the data-in-transit that flows through the corporate network between far-flung locations. Once this sensitive data is identified and tracked, encrypt it so as to render it useless to hackers in the event of a cyber attack.
2. Securely Store and Manage Encryption Keys
Encryption keys pass through multiple stages during their lifetime – like generation, distribution, rotation, archival, storage, backup and destruction. Managing these keys at each stage of their lifecycle through a centralised key management solution is critical for data protection.
3. Implement Robust Access Management Policies
Implement strong access management policies to prevent unauthorised access to the encrypted data and encryption keys. This becomes especially important in remote working conditions to ensure that only authorised personnel can access sensitive data on a need-to-know basis.
How Thales Helps In Optimal Data Protection
Thales has been at the forefront of helping organisations cohesively protect their enterprise data and continue business-as-usual even in crisis situations.
Thales’s data encryption and key management solutions protect sensitive data across devices, processes, platforms and environments while meeting all regulatory mandates.
To find out more, please watch this short video on encryption solutions to protect against today’s internal and external threats.