Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Cybersecurity opportunities, trends and risks

By Mike Smart, Security Strategist, EMEA, Forcepoint 

Digital transformation has caused a shift in the concept of a ‘perimeter’ in cybersecurity. Traditionally walls were built to limit access to the network, allowing security professionals to focus on specific threats from the outside in. However, walls no longer exist even in highly regulated sectors such as financial services. This is primarily because of two changes within the enterprise: the rise of the mobile employee and the wide-scale adoption of cloud services.

Remote working has enabled employees to work from different locations, accessing the network via various devices. It means they fall out-of-reach of the traditional, in-house network protection, making visibility and security enforcement difficult. Financial institutions can no longer rely on security systems designed only for the single fixed office network, particularly due to the highly sensitive data they manage and store.

The risks also extend to the movement of data. Gartner predicts that by 2021, 27% of corporate data traffic will bypass perimeter security, flowing directly from mobile and portable devices to the cloud. This is obviously a huge emerging problem for security teams – but due to the sheer volume of data that businesses hold, create and process, it is no longer possible to have full visibility of the entire network using traditional solutions. This leaves financial institutions open to a range of vulnerabilities and compliance violations.

A new philosophy 

There are no longer any clear lines when it comes to security. As a result, the value of threat-centric security, where decisions are made based on static policies without context, is limited. IT teams are overwhelmed by noise and false leads, disguising genuine threats. The problem is compounded by many businesses having very small cybersecurity teams, as well as a wider industry skills shortage – particularly for cloud security –leaving fewer individuals able to handle attacks.

Addressing this challenge requires an evolution beyond current security practices, which looks at how people interact with data, rather than focusing on specific threats. It’s only by identifying changes in human behaviour that insights into enterprise risk can be assessed and acted on.

Beyond the password

For the continuously shifting threat landscape of today, a transformative view is needed. One way is in a ‘Zero-Trust’ approach, where the concept of trust is removed from an organisation’s network architecture. Rooted in the principle of “never trust, always verify,” Zero Trust is a security model that means no user is given immediate access, and unnecessary traffic is forbidden. Precise identity verification is required for every person or entity attempting to access network resources, whether they’re within the network perimeter or accessing remotely.

This makes it possible to immediately identify high-risk users accessing data, especially if monitoring is continuous. Attempting to extend the traditional, threat-centric approach by adding more layers or crunching more data doesn’t go far enough – only by placing human behaviour at the centre will cybersecurity be able to step up to what organisations are now demanding of it.

This can be used to assess cyber risk in real time and remain vigilant of data as it moves within, into, and out of the enterprise. For the sensitive data financial services organisations are handling every day, this is especially important. By understanding how data flows, who has access to it and why, the efficacy of security practices can be improved.

Additionally, behaviour-based cybersecurity is tailor-made for the era of mobility and cloud. With a clear understanding of user risk, security teams can take automated action to adapt security policies dynamically to reduce the impact of risk and better protect customers and critical data alike.

Looking towards a human-centric future

It should not be assumed that cybersecurity is a binary issue of the outside versus the inside. Breaches can be caused by accidental, compromised or malicious behaviour alike. It’s a tricky conversation to have, but insider threats are also a factor. However, until a behaviour-based vision of the future is realised, there are steps that financial organisations can take right now.

Integrating intelligent security solutions that can look at user behaviour into existing threat-centric programmes will bolster existing cybersecurity programmes, and can start to address the problem of constant noise and false positives. But it’s choosing solutions that prioritise human behaviour and its context that will enable security teams to get a much stronger grip on the threats facing their organisations.