One of the top findings from the 2018 Thales Data Threat Report, Financial Services Edition was that data breaches in U.S. financial services organizations are increasing at an alarming rate.
Not only are breaches at record highs – with 65% of U.S. IT security pros in financial services organizations reporting that their organization already had a data breach – but breaches are increasing at alarming rates. In fact, if you follow the trend line set from the last three years, it shows that by the end of 2021, 72% of financial services organizations will have encountered a data breach that year. Looked at another way, there’s a 90% chance that most financial services organizations will have two data breaches between now and then.
I don’t know about you, but the prospect of my bank, IRA or 401K provider, loan servicer or other financial institution losing my data twice over the next three years is daunting. Another “canary in the coal mine” episode showcasing this trend happened just last week, with a sizeable breach of HSBC U.S. banking customers. If this trend continues, going back to paper statements and a file cabinet won’t be enough to save my finances.
What’s driving these increases in breach rates? Not just increasingly sophisticated attacks, although that’s certainly part of the problem. Two other key drivers are digital transformation and poor investments in IT security tools needed to protect data.
With digital transformation technologies like cloud, big data, IoT, containers, mobile payments and blockchain all in play, there are many new attack surfaces and risks to financial data. Each and every environment and instance requires a data security plan and implementation tuned to the environment.
Cloud is arguably the biggest risk, with financial services organizations using multiple cloud implementations for every classification of cloud environment – IaaS, SaaS and PaaS. This creates what would be a daunting challenge to protect data in each and every one of these environments, without solutions like those from Thales.
Then there’s the tendency for organizations to keep investing most heavily in IT security tools whose core mission isn’t data security. Many IT security pros have spent their working lives protecting their organization and its data with endpoint and network IT security tools, but in the words of Garrett Bekker (the analyst writing this year’s 2018 Thales Data Threat reports and a former Wall Street IT security professional) “Doing what we have been doing for decades is no longer working.”
But financial services organizations don’t seem to have received the message – or are simply prioritizing their IT security dollars elsewhere. Data-at-rest defenses, arguably the best way to protect the large volumes of data that cyber criminals are after, have the lowest levels of spending increases, while endpoint and mobile defenses are getting the highest levels.
If we’re going to solve these problems before our banks experience massive breaches of financial data, something needs to change – and what’s needed is an increased focus on data security.
The post Financial Services Data – More at risk than you’d believe appeared first on Data Security Blog | Thales eSecurity.
*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales eSecurity authored by Andy Kicklighter. Read the original post at: https://blog.thalesesecurity.com/2018/12/05/financial-services-data-more-at-risk-than-youd-believe/