Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

ADDRESSING THE HUMAN FACTOR IN CYBER-SECURITY WITH PLATFORM AND INFORMATION PROTECTION

ADDRESSING THE HUMAN FACTOR IN CYBER-SECURITY WITH PLATFORM AND INFORMATION PROTECTION

By Sicco Boomsma, Director in ING’s Structured Finance TMT team

Sicco Boomsma

Sicco Boomsma

Organisations are implementing increasingly advanced cyber-security technology to protect their networks and data from outside threats. But preventing the theft of sensitive information from within systems and especially by employees adds an additional layer of complexity that must be addressed.

Human actions, whether unintentional mistakes or malicious insider activity, are a major threat to platform and information security across all organisations. No matter how robust the technology, any individual with access to an organisation’s systems and data, it is a potential vulnerability – an unwitting response to a phishing message, a mistakenly downloaded web document or an opened email attachment containing a virus are all significant weak points.

IBM Security Intelligence notes that 95% of all security incidents involve human error: “Many of these are successful security attacks from external attackers who prey on human weakness to lure insiders within organisations to unwittingly provide them with access to sensitive information.”

A large number of recent high-profile corporate IT security breaches can be traced to human error or intentional malicious actions. This has not only raised management awareness about the risks, but is also drawing the attention of regulators, who are drafting tighter rules on information protection, particularly in sectors managing highly sensitive personal data such as banking, insurance and healthcare, where breaches can have huge implications for both the individual and the company holding the data.

The trend is causing organisations to adopt more comprehensive strategies and increase their cyber-security budgets. The trade-off between increasing operational costs to protect your business versus the alleged reputational risk opportunity loss is increasingly falling in favor of investing in infrastructure protection as well as increasing automated protocols for the treatment of sensitive data. Consequently, growth in the market for platform and information security is forecast at a compound annual rate of 5.8% over the coming years, according to Gartner, creating a sector worth €8.1 billion globally by 2019.

Systems combining a variety of information and network security technologies, coupled with event management and threat intelligence, are being implemented more widely, enabling organisations to detect incidents and manage them on an internal and external basis. These products can also support cyber-assurance policies that require close monitoring of threats to provide adequate coverage in the event of breaches.

Among key technologies being deployed are Secure Email Gateways that provide inbound protection against malware and spam from emails, and also monitor, inspect and encrypt outbound email content. Similarly, Secure Web Gateways protect internet-connected devices from infection, filtering unwanted software and malware from internet traffic while enforcing compliance with corporate and regulatory data protection policies. Data Loss Prevention systems also play a key role in preventing information leakage by identifying and plugging weak points that could enable cyber-criminals to access, hi-jack or attack-and-destroy confidential data.

Should unusual activity occur, platforms that provide Security Information and Event Management (SIEM) are essential for organisations to identify and respond to threats and breaches, including detecting malicious activity or deviations in network access and usage. SIEM systems can collect data for real-time detection and provide analysis of security events, in turn enabling an instant and automated response to threats.

Perhaps most important is Threat Intelligence, based not only on security technology but human expertise. Threat Intelligence systems automate the process of identifying important attacks out of vast amounts of irrelevant data, tracking events as they occur with real-time analysis that monitors the behaviour of software, systems and the human factor to detect incidents that might be malicious.

Threat Intelligence allows organisations to draw on evidence-based knowledge, including the context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard. Because events are logged, Threat Intelligence platforms provide forensic data that can be used to determine patterns, predict possible attacks and attack vectors, and help to prevent future attacks.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post