Thales Blog

Turning Aspiration into Action to Protect Financial Institutions

December 4, 2019

Tina Stewart Tina Stewart | VP, Global Market Strategy More About This Author >

It’s speculated that $10 million is still unaccounted for from one of the most lucrative robberies in U.S. history. The 1997 Dunbar Armored truck depot heist netted $18.9 million when six aspiring conspirators executed a well-laid plan that included deep insider knowledge and hoax alibis.

While this event is still considered one of the most grandiose thefts, financial institutions today collectively face digital attacks that easily rival it. Theft and other data security incidents cost financial institutions millions of dollars and result in more consumer records being lost or stolen, year after year. The fact is, bad actors make plans and prey upon unprotected data – a very valuable currency.

Data security professionals also make ambitious plans, but implementation rates are too low – a key finding in the 2019 Thales Data Threat Report-Financial Services Edition. IDC, which surveyed 1,200 IT decision makers for the report’s research, notes that security professionals are often “…more ambitious than realistic…” in the adoption of plans. Security professionals know adequate security requires encryption, tokenization, authentication, and access management, so why are their good intentions too often sidelined? The barriers are very real, but not insurmountable.

Here’s a look at four common issues highlighted in the 2019 Thales Data Threat Report-Financial Services Edition and tips for overcoming them.

Compliance v. Security

Financial institutions deal with a bevy of regulations that govern data protection and with stringent new regulations (such as the California Consumer Protection Act coming January 1), compliance is top of mind. But a prevalent “pass the audit” mentality is actually a barrier to security because it creates a false sense of security. Being “in compliance” doesn’t necessarily equate to full data protection. Proactive security is a 365-days-a-year job and those in charge of security must go beyond basic government requirements to stay a step ahead of cybercriminals.

Multi-Cloud Complexity

The report also found that financial institutions are rapidly implementing complex hybrid and multi-cloud environments. In fact, almost all (93 %) of the respondents have more than 10 SaaS environments. Further exacerbating this challenge, half of the respondents say they’re aggressively disrupting markets with transformative technologies. Bottom line: the legacy perimeter approach no longer works. Financial services providers need to implement solutions that span legacy concerns as well as modern, cloud-based digital transformation technologies. Embracing an agile security architecture will help protect against unforeseen vulnerabilities inherent in the launch of new products, services, and customer accessibility.

Encryption Key Custodianship

The study found that encryption rates for U.S financial organizations were quite low, coming in at 31% or less. In addition, it was clear that cloud security concerns are prevalent, and rightfully so. Vulnerabilities exponentially increase in shared infrastructures and a lack of control over data location was named a top concern by respondents. Ambiguities exist around who is ultimately responsible for data security in supplier clouds, as evidenced by many recent high-profile breaches. When financial institutions retain custodianship of their own encryption keys, they maintain more control over security and ultimately protect the valuable relationships they have with customers.

Aspirational Desires and Budget Realities

IT departments are being asked to do more, with less. According to the report, the rate of growth of security spending by U.S. financial services organizations is slowing. Only about half of respondents (54%) say spending is increasing, down a whopping 30 percentage points from 84% as reported in Thales’s study last year. CFOs are questioning the ROI of security spending and security professionals must identify solutions that enable them to address multiple layers of security concerns in a cost-effective manner. “As-a-service” and “platform” solutions that cross environments can help eliminate much of this complexity and cost, making the job more manageable.

Security professionals in the financial services sector face a multitude of challenges when it comes to data security. The proliferation of cloud adoption, the advancement of open banking systems and strict data privacy regulations are just a few. That is why encrypting everything and adopting the right tools and technology are important steps to take when it comes to protecting sensitive data and mitigating risk.

For more key findings and security best practices, please download a copy of the 2019 Thales Data Threat Report – Financial Services Edition. We also will be hosting a webinar about “The State of Data Security in Financial Services” on Thursday, Dec. 12 at 2:00 p.m. ET. To join, please visit our registration page.