Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Cyber in the finance industry: How can it do better?

By Jonathan Clarke

Given how lucrative and vital finance companies are to the UK economy, it’s no surprise that cyber criminals are trying their luck at infiltrating these organisations, stealing sensitive information, and causing havoc. In fact, the Financial Conduct Authority has revealed that the number of declared cyber-incidents in the UK finance sector has risen by more than 1000% since last year.

Jonathan Clarke
Jonathan Clarke

The evidence is rife too – earlier this year, Metro Bank became another victim that was added to the list of cyber-attacks, after hackers were able to intercept a telecommunications vulnerability, affecting on a few customers however. Not as lucky was Tesco Bank, which was subjected to a £16.4 million fine when a staggering £2.26 million was stolen from customers’ personal current accounts.

Despite such high-profile attacks being reported within the financial sector, businesses are still failing to implement robust cybersecurity policies. And, amid today’s advanced threat landscape, it is usually a case of ‘when’ and not ‘if’ a firm is breached. Many financial firms are still just trying to get the basics right, have old IT systems in place and do not carry out regular cyber-assessments.

What’s the problem?

It’s evident the industry needs to boost and improve its defence against malicious attackers, but first, it’s important to pinpoint where the issues are coming from. From the BeyondTrust 2019 Privileged Access Threat Report, 58% of organisations believe it is likely they have suffered a breach due to vendor access, and 64% say employees were a cause of the breaches – of which financial organisations are included. Indeed, most organisations in and out of the financial industry are having a difficult time managing privileged insiders and third-party vendors, in fact, almost half still use manual processes to control privileged identities, which simply isn’t scalable.

What’s the solution?

In light of these findings, employee error needs to be minimised, and should it happen, the ramifications need to be promptly dealt with effectively.

The weakest link in an organisation, often starts with employees. Usually ranging from their poor password hygiene, to being targeted by phishing emails.  And, unfortunately, by giving employees administrator rights, this puts systems and data in the firing line for hackers. So, it’s paramount to tackle this issue at its root.

Indeed, productivity issues arise when limiting user rights–IT help desks can often be inundated with requests to grant access to basic systems or files. As such, the balance between security and productivity, specifically within a fast-paced, high growth environment like the finance sector, always seems to be a trade-off.

So, how can this be remedied? By removing unnecessary admin rights and giving users just enough access to do their jobs productively, organisations can significantly reduce the attack surface. To achieve this, Privileged Access Management (PAM) can be implemented. Three features of an effective PAM solution include:

  1. Lock down and control credentials: Find, manage, and monitor privileged accounts/assets, and automate privileged password and session management.
  2. Remove excessive end-user privileges: Control and monitor privileged activity on Windows, Mac, Unix, Linux, and network devices, remove excessive privileges without impacting productivity, and enforce granular application control.
  3. Protect internal and vendor remote access: Secure, manage, and audit remote access from third-party vendors and internal employees with privileges, such as the service desk.

When organisations have fully integrated PAM tools, they are more confident to identify threats from employees with privileged access. With control and visibility over their entire environment, organisations can significantly reduce the likelihood that they become a victim of a breach, while allowing their employees to remain fulfilled and productive at work.