{"id":35507,"date":"2014-05-05T10:29:34","date_gmt":"2014-05-05T14:29:34","guid":{"rendered":"http:\/\/cloudtweaks.com\/?p=35507"},"modified":"2023-10-18T04:21:07","modified_gmt":"2023-10-18T08:21:07","slug":"security-trends-financial-services","status":"publish","type":"post","link":"https:\/\/cloudtweaks.com\/2014\/05\/security-trends-financial-services\/","title":{"rendered":"Security Trends In The Financial Services"},"content":{"rendered":"<h1><strong>Security Trends<\/strong><\/h1>\n<p>Readers who subscribe to our newsletter will have already read Fridays news about Microsoft\u2019s latest report into key security trends in financial services. The report is part of a series which looks at security trends in cloud computing across four specific industries &#8211; financial services, healthcare, retail, and public sector.<\/p>\n<p>Microsoft chose to focus on financial services as one of their key industries because of its scale and omnipresence across all areas of society and business. Financial services organisations handle trillions of transactions each year, and have huge amounts of sensitive data about individuals, companies, and other parties. Protecting that information is a critical component in building trust with customers.<\/p>\n<h2><b>The Problem<\/b><\/h2>\n<p>Several countries use regulatory bodies to try and force financial services firms to take greater responsibility for data protection. The UK\u2019s regulatory body \u2013 the \u2018Financial Services Authority\u2019 (FSA) \u2013 uses its \u2018Principles for Business\u2019 to state that a firm must conduct its business with \u201cdue skill, care and diligence, while taking reasonable care to organise and control its affairs responsibly and effectively\u201d. Across the Atlantic, the American Government takes a similarly hard-line approach, using its Securities and Exchange Commission to force some financial services firms to have a disaster recovery plan as a fiduciary responsibility. Sadly, in many cases, either companies do not heed their government\u2019s advice, or they do not have strict government guidelines to adhere to.<\/p>\n<p>Microsoft\u2019s report highlights several shortcomings in firm\u2019s security measures. 38 percent of financial services firms do not have budgeted disaster recovery plans, 22 percent have no formal risk management program, 23 percent have inadequate policies for secure data disposal, 29 percent do not have a plan for responding to security breaches, 37 percent do not use standardised data classification \u2013 the list goes on.<\/p>\n<p>The financial industry appears susceptible to what an FSA report termed \u2018<em>The Five Fallacies<\/em>\u2019. They believe there are five key misconceptions amongst companies that serious impact on their security; 1) a belief that the customer data they held was too limited or too fragmented to be of value to fraudsters, 2) a belief that only individuals with a high net worth are attractive to hackers, 3) a belief that that only large firms with millions of customers are likely to be targeted, 4) an assumption that threats to data security are exclusively from external sources, and 5) a belief their security systems are already adequate and fool-proof.<\/p>\n<p>These misconceptions feed poor decision-making with regard to security issues. Some firms regard data security as the sole responsibility of IT staff, whereas others fail to recognise that data security is their responsibility. Some firms that do recognise the risk t rate it so low that it never attracts the attention of senior management, nor is it allocated adequate financial or human resources.<\/p>\n<p>All this creates a problem, especially as these institutions are now starting to move into the cloud. As the uptake of cloud services increases, so does the vulnerability of a firm\u2019s data. Yet, perhaps the cloud is also the answer to the problem? Perhaps it can in fact help solve some of the Vulnerabilities?<\/p>\n<h2><b>Microsoft\u2019s Recommendations<\/b><\/h2>\n<p>Microsoft believe that hiring a cloud service provider can help financial organisations improve their data security profile.<\/p>\n<p>They claim that switching to the cloud can shift the burden of regulatory compliance and managing risk to the cloud provider. Experienced providers typically employ large teams of IT security and compliance <a class=\"wpil_keyword_link\" href=\"https:\/\/cloudtweaks.com\/thought-leaders\/\"   title=\"experts\" data-wpil-keyword-link=\"linked\">experts<\/a> who can manage their customers\u2019 systems more efficiently and troubleshoot when something goes wrong.<\/p>\n<p>Cloud service providers already offer several solutions to the current security issues posed in the report \u2013 for example, they conduct regular pre-hire and post-hire background checks on their employees, they classify data and other assets according to well-defined policies, they maintain a data backup and recovery framework that is consistent with industry practices, and they conduct regular <a class=\"\" href=\"https:\/\/cloudtweaks.com\/2018\/09\/hipaa-risk-assessment-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">risk assessments<\/a> that evaluate threats to the confidentiality, integrity, and availability of data under their control.<\/p>\n<h2><b>The Future<\/b><\/h2>\n<p>Do you agree with Microsoft\u2019s findings? Do you work in a financial services firm and have experienced poor security practices? Do you think the cloud is the answer?<\/p>\n<p>By Daniel Price<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security Trends Readers who subscribe to our newsletter will have already read Fridays news about Microsoft\u2019s latest report into key security trends in financial services. The report is part of a series which looks at security trends in cloud computing across four specific industries &#8211; financial services, healthcare, retail, and public sector. Microsoft chose to [&hellip;]<\/p>\n","protected":false},"author":295,"featured_media":35509,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_breakdance_hide_in_design_set":false,"_breakdance_tags":"","footnotes":""},"categories":[2,3,18,5],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/posts\/35507"}],"collection":[{"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/users\/295"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/comments?post=35507"}],"version-history":[{"count":0,"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/posts\/35507\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/media\/35509"}],"wp:attachment":[{"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/media?parent=35507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/categories?post=35507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudtweaks.com\/wp-json\/wp\/v2\/tags?post=35507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}