Digital transformation, regulations impacting data security decisions at financial organizations

Almost half (49%) of global financial services organisations have experienced a data breach in the past, according to the 2017 Thales Data Threat Report, Financial Edition. The report also reveals 21% have been breached multiple times and that 90% feel somewhat or more vulnerable to data threats. As a result, 78% are increasing spending to protect their critical data.

Financial services organisations are engaging in digital transformation making the leap from legacy applications to technologies and applications that reflect changing consumer preferences and marketplace pressures. These changes have created new data security challenges.

Key findings

This year’s findings reflect an industry contending with an evolving regulatory landscape, digital transformation involving new technological demands, and threats from cybercrime:

• Almost all (92%) of global financial services respondents will deploy advanced technologies (IoT, cloud, big data and container solutions) this year, yet almost three-quarters (73%) do so in advance of having appropriate levels of data security in place
• 60% of global financial services respondents cite privileged users as the biggest insider threat, followed by executive staff (48%) and contractors (38%)
• At 40%, cybercriminals top the list as the top external threat actor, followed by nation-states (18%), hacktivists (16%) and business competitors (13%)
• 53% will increase investments in network security and 64% in endpoint security solutions, while only 42% will increase spending on data-in-motion and 40% on data at rest defenses – despite its proven effectiveness at preventing data breaches
• Almost three-quarters (72%) of global financial services respondents say they are affected by data privacy regulations (such as the GDPR in Europe), and 66% say encryption is the top control planned to address these requirements
• Almost half (49%) would increase their cloud deployments if cloud service providers (CSPs) offered encryption in the cloud with enterprise key control, and 42% say encryption is the top security control needed to increase container usage.

“While the financial sector has made substantial technological advances, it’s still tied to security solutions that worked in the past but aren’t necessarily the most effective at stopping modern attacks. There are a number of data security technologies – such as encryption and key management solutions – that could arguably do a better job of protecting data, particularly data being used in cloud, big data and IoT environments,” said Garrett Bekker, principal analyst for information security at 451 Research.

Best practices and recommendations

Financial services organisations seeking ways to meet compliance and adopt advanced technologies—all while remaining secure—should:

• Select data security platforms that address a variety of use cases, emphasize ease-of-use, and offer encryption, enterprise key management, access control and security intelligence to avoid the intricacy and high costs of implementing multiple data-security solutions
• Invest in security tools that include automation to reduce complexity
• Implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use.