Findings from a recent survey of 100 senior business decision makers within enterprise financial organizations in the UK, revealed that 70% of financial institutions have experienced a cyber security incident in the last 12 months. This statistic suggests that organizations should put cyber security higher up on the agenda; especially when you consider the recent large fines that have accompanied data breaches for big brand names such as British Airways and Marriott Hotels.
The survey data also suggested that those with budget responsibility in this area wanted to see an increase in cyber security investment (73%), with almost one in five (17%) UK firms reporting that their budgets currently stood ‘well below the adequate level’. If organisations are underfunded, there is pressure on budgets to work as hard as possible in order to provide an adequate safety net. So how are cyber security budgets allocated? And what is driving investment in these areas?
Below we outline the top five areas from the results of the survey (in descending order of investment) and suggest ways organizations can best shore up defences in each:
1. Data Loss Prevention (53%)
Top spot goes to DLP. This result is probably the least surprising. We know breaches from malicious attacks, accidental document leaks, and new privacy regulations are demanding that organizations have total, unhindered visibility of their sensitive data, to understand its context and ensure the appropriate level of security is applied at all times – while in use, at rest or in motion. Adaptive Data Loss Prevention technology applies the most optimal security treatment based on content, context and required regulation policy. It includes real-time redaction, encryption, blocking or deleting. DLP solutions like these should be central to any cyber security strategy. They are cost effective to deploy and offer a comprehensive level of protection from the loss of sensitive data.
2. Database Security (42%)
In much the same vein as for data loss prevention, there is no excuse in today’s increasingly connected and cyber-advanced society not to ensure the security of your enterprise’s database and all of the information contained within it. With such a wide-ranging category, we would expect to see this near, if not at, the top of firms’ priorities when it comes to cyber security spending and maintaining a robust defense against threats from all angles. When it comes to information security, our solution fully sanitizes all ransomware threats as and when they appear, preventing sensitive data leaks at source by eliminating the threat in real-time.
3. Regulatory Compliance (40%)
At the risk of repeating ourselves, regulatory compliance is another extremely important aspect of any company’s IT infrastructure. It also goes without saying that, as technology and the threats it brings with it evolve, the regulations that apply to them will need to do so as well – staying on top of this dynamic landscape is critical. With increasingly stringent regulations being introduced, all of which necessitate the collection, processing and analysis of ever-growing volumes of data, there is simply no choice for firms but to automate compliance. Be it for PCI, GDPR or HIPAA, to name but a few, we provide shadow IT detection, data redaction and advance threat detection as standard.
4. Advanced Threat Detection (40%)
Of the 70% of financial organizations that suffered a cyber security incident from our survey, nearly half were as a result of employees’ failure to follow data protection policy. Do these figures suggest a lack of understanding of GDPR regulation? If so, it further strengthens the case for automating crucial compliance-related processes, freeing up resources for employees to focus on running their business, instead of actively fighting regulatory threats. With more and more malware incorporating new and sophisticated evasion and obfuscation capabilities, the importance of equally advanced threat detection measures cannot be downplayed.
5. Endpoint Security (39%)
There are multiple areas within an IT infrastructure where critical information is stored, including email inboxes, file servers, collaboration servers (some of which might be ‘in the cloud’) and endpoint devices. Although it occupies the final place in our top five, endpoint security is arguably one of the biggest threats in the increasingly widely connected cyber sphere we all inhabit. Clearswift’s Endpoint Data Loss Prevention (DLP) solution is specifically designed to address the loss of critical information at the endpoint. Not only does this solution regulate what devices can be connected to a company network, it enables controlling and copying data to removable media such as a personal device or USB and encrypts where necessary.
As with all Clearswift products, it provides organizations with maximum visibility of crucial information stored across all of its endpoints, allowing it to be transferred to a more secure location were any of it to fall into unauthorized hands.
What does all this mean for UK financial organizations?
The clear common thread among all of these aspects of cyber security is a more urgent need than ever before for UK financial firms to not only ‘have a hold on’ or an awareness of the security of their valuable, sensitive data, but to have complete control and visibility across all of its systems.
Whether it is because of unprecedented levels of sophisticated cyber-crime or the requirement to comply with the resulting strict regulations being introduced, results from the survey suggest that leaders in the UK’s financial sector need to revisit their ‘defence in depth’ strategies, build on a security-first mindset and invest in proactive cyber security systems to protect their business-critical environments.
*** This is a Security Bloggers Network syndicated blog from Clearswift Blog authored by James.Cox. Read the original post at: https://www.clearswift.com/blog/2019/09/03/how-uk-finance-companies-invest-their-cyber-security-budget