Data Security in Financial Services: Challenges and Solutions – Part 2

General

Data Security in Financial Services: Challenges and Solutions - Part 2

Risk Management leads the Way

Cyber criminals seem to be having a field day with the technological advancements of our times. Open network technologies are a major contributing factor in malevolent online activities because they enable quicker and flexible operations. This gradually throws the doors open to hackers and their ilk. Technology infrastructure has now developed enormously, such that it encompasses mobility, virtualization and cloud computing.

With each passing year, cyber criminals have invented newer methods to strike at the heart of financial institutions. Today’s threats are complex, difficult to identify and are launched through a variety of channels. Only those firms that have a comprehensive understanding of the nature of the beast, as it were and their vulnerability and methods to manage cyber-risk will succeed.

One has often heard the phrase: “To get into the mind of a criminal”. This is applied in practice to understand how an anti-social person operates. Similar tactics must be applied in the financial industry too and risk management is the answer. But it should be risk management in a new avatar—one that covers the full ambit of sophisticated cyber-attacks.

According to the World Bank, United States Secret Service (USSS) and Federal Bureau of Investigation (FBI), financial sector threats are designated as a singular and omnipresent electronic criminal activity. There are economic as well as national security interests involved; therefore, heads of financial firms must strive to gain deep insights into cyber-threats and devise ways to meet those challenges. Financial institutions have the potential to see an outsized impact from data breaches when compared to other business sectors.

Will Technology suffice to meet Cyber challenges?

Almost all companies would be tempted to believe that investing in the latest technology will ensure the prevention and data loss and allied cyber-threats. Unfortunately, this is not true—just as a lock on the front door will not provide much security against a determined burglar!

But what if you had security personnel guarding your house round the clock? That would put you much more at ease, wouldn’t it? The same is true of firms as well. People are a precious resource and that’s where the monies should go—on skilled workers. In addition to this, established processes must be monitored and course-corrections have to be made to make sure that existing technology is utilized to the hilt. Technology is only as good as the humans behind it.

Protecting customer data has become ever more challenging with the proliferation of mobile devices. PII (personally identifiable information) is on the move, and security has to move with it—from the data center to the device. Private clouds and public/private hybrids offer considerable cost efficiencies and greater flexibility but can increase risk without the right defensive strategies in place.

Methods to Prevent Data Loss

To effectively manage data loss risks, clear business objectives should be defined to drive the DLP program. These objectives should cover the following items as a minimum:

  • Prevent the intentional or unintentional disclosure of sensitive data at rest, in use or in motion to unauthorized parties
  • Maintain adequate security and provide usability
  • Protect customer data and brand reputation
  • Protect personally identifiable information and intellectual property
  • Reduce the organization’s risk and cost of compliance

Conclusion

Data volume has been increasing exponentially. According to technology research firm IDC, by 2020 the data we create and copy annually will reach 44 zettabytes or 44 trillion gigabytes. Such mind-boggling numbers have heightened the threat of cyber-attacks on financial services firms and other institutions like never before. Companies are racing to introduce robust security measures to thwart the attempts of malicious individuals who seek to gain access to sensitive information and thereby disrupt the normal functioning of businesses by causing losses of billions of dollars.