Thales, a leader in critical information systems, cybersecurity and data security, announces that digital transformation is driving turmoil among global financial services organisations and leaving sensitive data at risk, according to its 2018 Thales Data Threat Report, Financial Services Edition.
Digital transformation brings risk with reward
The financial services industry has hastily entered the digital transformation era, but this is not balanced with appropriate security measures. Almost two thirds (65%) of global financial services organisations have now suffered a data breach, with 28% having suffered a breach in the past year.
Every piece of information used to run a financial services business creates risk – financial data in accounts and investments, personal data on account holders. Add to that new technologies including cloud, containers, mobile payments, Blockchain, IoT, machine learning and AI – and while these might help meet the increased consumer and business demands for improved services and experience, the industry opens itself up to new avenues for attacks and breaches.
Cloud usage with sensitive data is especially high in the financial services industry at 76%. Multiple cloud usage is also high with 60% of organisations using more than 25 SaaS applications and 56% using 3 or more IaaS vendors. This creates a new problem of how to secure data across multiple cloud deployments.
Put the money where the risk is
Security spending is up but not aligning with the new risks. While 78% of global financial organisations report a spending increase on IT security, they are not spending in the right areas. The majority (72%) of IT security pros acknowledge data-at-rest defenses are most effective at protecting data, but only 38% registered a spending increase for those specific tools.
44% recognised encryption as the top tool required to increase cloud usage and half of respondents recongnise that managing encryption keys across multiple-cloud environments is a problem that needs to be solved.
Garrett Bekker, principal analyst for information security at 451 Research says:
“A common theme we have observed across virtually every vertical and geographic market in the Thales 2018 Global Data Threat Report also held true for financial services: namely spending the most on defenses deemed least effective. This creates a Groundhog Day phenomenon where the times have changed, but security strategies have not. Organisations need to change how they protect their data. With increasingly porous networks and expanding use of external resources (SaaS, PaaS and IaaS most especially), traditional endpoint and network security are no longer sufficient safeguards. The good news is that the financial services industry understands the problem and recognises the need for encryption to protect sensitive data.”
Peter Galvin, chief strategy officer, Thales eSecurity says:
“Digital transformation as well as the increased number and sophistication of attacks, all combine to leave the data belonging to financial services organisations at risk. Encryption is proven to be the most effective technology to protect data, wherever it resides, as well as help meet compliance mandates. As new technologies such as cloud IoT and mobile payments are increasingly adopted by financial organisations looking for a competitive edge, the security risks they bring must be addressed.”
For more key findings and security best practices download a copy of the new 2018 Thales Data Threat Report, Financial Services Edition.
Industry insight and views on the latest data security trends can be found on the Thales eSecurity blog at blog.thalesesecurity.com.
Follow Thales eSecurity on Twitter @Thalesesecurity, and on LinkedIn, Facebook and YouTube.