Blog

Tag: protect the data

Financial Crime Goes Big In 2015

Whether people claim that 2015 was the year of the data breach or not, it's clear that we saw major data breaches in financial institutions through external attacks, insider threats or the exploitation of serious vulnerabilities in systems. Many incidents came down to a lack of IT security basics, such as disabling default passwords and accounts, or to simple implementation errors.

There were a number of incidents in financial institutions in 2015 that showcased how dangerous both external hackers and motivated or careless insiders can be. As Fahmida Rashid says in her article on Innovative and Damaging Hacks in 2015, people intent on stealing data and money are becoming more sophisticated in their attacks. Rather than just targeting consumer information, thieves are going after systems or data that are more lucrative. The Carbanak advanced persistent threat (APT) attack against financial institutions around the world was a good example: it targeted banks' internal systems and operations and may have caused as much as $1 billion in losses.

There were also increases in phishing campaigns in which attackers sent emails that appeared to be legitimate, asking for bank account information or asking the recipient to validate a transaction. If the recipient blindly clicked on a link or provided information without validating authenticity, they could be out of a lot of money.

While external attackers still pose the biggest threat to financial organizations, 2015 showed insiders can cause damage as well.  Earlier this year, a former employee of Morgan Stanley pleaded guilty to stealing confidential data from more than 700,000 customer accounts while he was interviewing for a new job with two competitors.  External attackers target insiders who already have access to sensitive data. Encryption, dynamic security policies that travel with data, and robust multifactor authentication controls are some of the defenses financial institutions should consider to ensure that unauthorized individuals can’t read anything they shouldn’t be allowed to see.

It's clear from looking at the attacks and breaches in 2015 that all the perimeter-based IT security implemented at financial organizations is not stopping the problem. Implementing the basics of security best practices is the first place to start. Next is to protect what people want to steal: data. Access to sensitive data is what criminals want, so they can sell it or use it to steal big from financial institutions and their customers.

 

Photo credit elhombredenegro

It Really Is About Protecting The Data

Information security is a top concern of all organizations. According to IBM, 83% of CISOs say that the challenge posed by external threats has increased in the last three years. They worry about the legal and financial risks associated with data loss, privacy breaches and not complying with regulations. Daily stories in the news show examples of organizations that failed to implement sufficient security measures to protect themselves from hackers and authorized internal people stealing or taking confidential information. Cyber crime is big business and has run amok.

In recent years, leaked emails have caused stocks to fall, stolen credit card numbers have resulted in financial disaster and loss of brand equity, stolen trade secrets have resulted in criminal charges and accidental posting of information has resulted in the loss of valuable intellectual property. As these security breaches become more common, consumers demand protection and governments respond with regulations.

In the past, organizations relied on perimeter-based security to protect their information. They erected barriers around their information, such as firewalls, VPNs, web filtering, and intrusion detection systems. With all this security in place, why does information still leak?

While these systems are necessary and help, they do not address the root cause of the problem. They don’t secure information but rather protect points of a system – the network, a server, laptops, and mobile devices. They do little to protect confidentiality and the integrity of information.

Organizations need data-centric security to protect the content that is so vital to their business. Since content is not static, an organization needs a solution that protects it no matter where it is. Content is in constant motion, traversing resources and perimeters. A document seldom resides on a single device. People download information from databases into spreadsheets and send them throughout an organization. They create reports in Word and save them as PDFs. They copy files to servers, put them in document repositories and print them for review or distribution. They email them outside an organization or put them into cloud-based services. Data-centric solutions account for the dynamic nature of information and secure it throughout its lifecycle, regardless of where it resides or its format.

If you are worried about your data, you need to protect your data.  Take a hard look at your data security and be proactive about protecting your most valuable assets and your business.  Servers and user devices are commodities.  Your data is not.

 

Photo credit Sarah Joy
