Skyhigh Networks analyzed cloud adoption in the financial services industry.
The average financial services company uses 1,004 cloud services, which comes as a surprise to many IT departments. When employees bring cloud services to the work environment for increased productivity and efficiency without the knowledge or approval of IT, they may not realise the risk they’re introducing to the organisation.
Just 7.0 percent of cloud services meet enterprise security and compliance requirements. Only 15.4 percent support multi-factor authentication, 2.8 percent have ISO 27001 certification, and 9.4 percent encrypt data stored at rest. The average financial services company uploads 5.9 TB to the cloud each month, and without proper controls, this data could be at risk.
By far, the most popular cloud category in finance is collaboration. The average financial services company uses a dizzying 195 collaboration services, including Microsoft Office 365, Gmail, and Evernote. Of course, using this many collaboration services can actually create silos and impede collaboration. Collaboration services are followed by development.
The average finance employee uses 31 distinct cloud services, including 8 collaboration services, 5 file sharing services, 3 social media services, and 3 content sharing services.
What’s troubling is that each employee is tracked on average by 4 marketing analytics and advertising services. These services are used to deliver targeted ads to users across the Internet, but they are also increasingly used by cyber criminals to determine the sites finance employees frequent most. Armed with this information, criminals attempt to compromise these sites in order to ultimately compromise a target financial services company in what’s known as a “watering hole attack.”
Researchers found that 94.3 percent of financial services companies have exposure to compromised credentials. This number is higher than the overall average of 91.7 percent across all industries. In addition, 15.5 percent of finance employees have at least one compromised credential, compared with just 11.2 percent across all industries.
Anecdotally, they identified one financial services company with 7,395 compromised credentials. Just 15.4 percent of cloud providers offer multi-factor authentication, which can make it more difficult for attackers to exploit stolen credentials. Considering this, they recommend that financial services companies either use strong, unique passwords for each cloud service and change them regularly, or adopt an enterprise-ready single sign-on (SSO) solution, to limit exposure to compromised credentials.