Security Trends In The Financial Services

Security Trends In The Financial Services

Security Trends In The Financial Services

Readers who subscribe to our newsletter will have already read Fridays news about Microsoft’s latest report into key security trends in financial services. The report is part of a series which looks at security trends in cloud computing across four specific industries – financial services, healthcare, retail, and public sector.

Microsoft chose to focus on financial services as one of their key industries because of its scale and omnipresence across all areas of society and business. Financial services organisations handle trillions of transactions each year, and have huge amounts of sensitive data about individuals, companies, and other parties. Protecting that information is a critical component in building trust with customers.

The Problem

Several countries use regulatory bodies to try and force financial services firms to take greater responsibility for data protection. The UK’s regulatory body – the ‘Financial Services Authority’ (FSA) – uses its ‘Principles for Business’ to state that a firm must conduct its business with “due skill, care and diligence, while taking reasonable care to organise and control its affairs responsibly and effectively”. Across the Atlantic, the American government takes a similarly hard-line approach, using its Securities and Exchange Commission to force some financial services firms to have a disaster recovery plan as a fiduciary responsibility. Sadly, in many cases, either companies do not heed their government’s advice, or they do not have strict government guidelines to adhere to.

Microsoft’s report highlights several shortcomings in firm’s security measures. 38 percent of financial services firms do not have budgeted disaster recovery plans, 22 percent have no formal risk management program, 23 percent have inadequate policies for secure data disposal, 29 percent do not have a plan for responding to security breaches, 37 percent do not use standardised data classification – the list goes on.

The financial industry appears susceptible to what an FSA report termed ‘The Five Fallacies’. They believe there are five key misconceptions amongst companies that serious impact on their security; 1) a belief that the customer data they held was too limited or too fragmented to be of value to fraudsters, 2) a belief that only individuals with a high net worth are attractive to hackers, 3) a belief that that only large firms with millions of customers are likely to be targeted, 4) an assumption that threats to data security are exclusively from external sources, and 5) a belief their security systems are already adequate and fool-proof.

These misconceptions feed poor decision-making with regard to security issues. Some firms regard data security as the sole responsibility of IT staff, whereas others fail to recognise that data security is their responsibility. Some firms that do recognise the risk t rate it so low that it never attracts the attention of senior management, nor is it allocated adequate financial or human resources.

All this creates a problem, especially as these institutions are now starting to move into the cloud. As the uptake of cloud services increases, so does the vulnerability of a firm’s data. Yet, perhaps the cloud is also the answer to the problem? Perhaps it can in fact help solve some of the vulnerabilities?

Microsoft’s Recommendations

Microsoft believe that hiring a cloud service provider can help financial organisations improve their data security profile.

They claim that switching to the cloud can shift the burden of regulatory compliance and managing risk to the cloud provider. Experienced providers typically employ large teams of IT security and compliance experts who can manage their customers’ systems more efficiently and troubleshoot when something goes wrong.

Cloud service providers already offer several solutions to the current security issues posed in the report – for example, they conduct regular pre-hire and post-hire background checks on their employees, they classify data and other assets according to well-defined policies, they maintain a data backup and recovery framework that is consistent with industry practices, and they conduct regular risk assessments that evaluate threats to the confidentiality, integrity, and availability of data under their control.

The Future

Do you agree with Microsoft’s findings? Do you work in a financial services firm and have experienced poor security practices? Do you think the cloud is the answer? Let us know in the comments below.

By Daniel Price

About Daniel Price

Daniel is a Manchester-born UK native who has abandoned cold and wet Northern Europe and currently lives on the Caribbean coast of Mexico. A former Financial Consultant, he now balances his time between writing articles for several industry-leading tech (CloudTweaks.com & MakeUseOf.com), sports, and travel sites and looking after his three dogs.

Find out more
View All Articles

Sorry, comments are closed for this post.

Transforming Traditional DevOps To A Modern Cloud-Centric Operation

Transforming Traditional DevOps To A Modern Cloud-Centric Operation

Transforming Traditional DevOps Over the last year, I’ve been hearing about more and more instances of companies asking the question that the title suggests – how do you transform a DevOPs process into a more cloud-centric operation? To start, we must all assume that there is some notion of a traditional DevOPs process built into…

Newton’s First Law and Cloud

Newton’s First Law and Cloud

Scaling the Mountain “You’re kidding me, the server went down? What are we supposed to do about launching the new website? We promised our partners that we would go live this weekend. I’ll admit its forty new pages but it’s just a website. How long before it all gets fixed?” I’ll bet you have been to this…

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

Data Science and Machine Learning Security breaches have been consistently rising in the past few years. Just In 2015, companies detected 38 percent more security breaches than in the previous year, according to PwC’s Global State of Information Security Survey 2016. Those breaches are a major expense — an average of $3.79 million per company,…

Four FinTech Trends To Look Out For

Four FinTech Trends To Look Out For

FinTech Trends The fintech industry witnessed an enormous growth in 2015. Around $7.6 billion were invested in fintech companies last year, a substantial increase from the $4.7 billion in 2014. There is no doubt that this momentum will continue this year. The growth of capital being invested in fintech companies illustrates how technology and the…

Are You Sure You Are Ready For The Cloud?: Cloud as a Datacenter

Are You Sure You Are Ready For The Cloud?: Cloud as a Datacenter

Cloud as a Datacenter Through my job as a Cloud Architect during the day, I run into a lot of scenarios that I think would be important to write about. Not that they are of major importance to others, but a way for people to learn from real world experience. This month, it had to…

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones from Apple, Samsung and HTC (Sponsored post courtesy of Verizon Wireless) The launch of the Galaxy S7 Edge at the Mobile World Congress in Barcelona during February was the first shot in a vintage year for mobile phones. The S7 is an incredible piece of hardware, but launches from HTC and Apple later in the…

Featured Sponsored Articles
How Successful Businesses Ensure Quality Team Communication

How Successful Businesses Ensure Quality Team Communication

Quality Team Communication  (Sponsored post courtesy of Hubgets) Successful team communication and collaboration are as vital to project and overall business success as the quality of products and services an organization develops. We rely on a host of business tools to ensure appropriate customer interactions, sound product manufacturing, and smooth back-end operations. However, the interpersonal relationships…

Featured Sponsored Articles
How To Develop A Business Continuity Plan Using Internet Performance Management

How To Develop A Business Continuity Plan Using Internet Performance Management

Internet Performance Management Planning CDN Performance Series Provided By Dyn In our previous post, we laid out the problems of business continuity and Internet Performance Management in today’s online environment.  In this article, we will take a look at some of the ways you can use traffic steering capabilities to execute business continuity planning and…

Featured Sponsored Articles

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor