Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

GDPR demands increased control over digital assets

GDPR demands increased control over digital assets

By Fabian Libeau, EMEA VP at RiskIQ

Ahead of the enforcement of EU General Data Protection Regulation (GDPR), businesses across Europe are having to make changes to how they solicit, handle and secure personal data. Stakes are high, as non-compliance can result in severe penalties, not to mention the impact on brand reputation and customer satisfaction. I’d like to look at how an organisation’s exposure on the Internet further complicates this already complex challenge.

Fabian Libeau

Fabian Libeau

Security and compliance outside the firewall
Financial services organisations are increasingly embracing digital to better serve their customers and remain competitive. What started as a web presence has now branched out to include company developed mobile apps and social media accounts across different social media platforms. While these digital assets offer consumers a range of touch points though which to engage, they also result in an expanding digital footprint that is difficult to secure and make compliant.

Looking specifically at data capture, compliance with EU GDPR requires organisations to offer individuals a clear and active opt-in before collecting any Personally Identifiable Information (PII). All information should be collected and transmitted in a secure manner.

GDPR also requires the reporting of data breaches within 72 hours of an incident. As such, working to pro-actively mitigate data breaches will be critical. This will require a hard look at an organisations digital footprint, not least because cybercriminals are increasingly targeting digital assets that exist outside of traditional firewalls across web, social and mobile. Indeed, Verizon research1 found that the majority of data breaches (75 percent) can currently be traced to external threats.

Since financial services organisations are increasingly embracing digital to better serve their customers and remain competitive – such as with mobile banking apps – it will be critical to have a clear overview of all their digital assets. In fact, effective GDPR compliance will be hard without maintaining internal asset inventories that detail the exact location, accessibility, patch level, and ownership of assets both within and outside the firewall. All login pages, data entry forms and persistent cookies used across an organisation’s sites, whether they were developed in-house or outsourced by marketing or a business unit, will have to be reviewed for compliance.

The stakes are especially high for financial services organisations, as they not only handle data that is PII – such as a username, phone number, address, social media presence, photos, location data and even IP addresses – but is also high in economic value.

There is already an upsurge in phishing attacks that use the branding of organisations to scam their customers into channelling their money, or other forms of valuable data. In recent weeks, there has been warnings of phishing campaigns urging consumers to update their personal information ahead of the GDPR implementation. TSB also issued warnings to customers about hackers using phishing tactics in the midst of its IT meltdown. This illustrates the sophistication of cybercriminals as they re-invent their tactics to scam customers.

Importance of digital threat management
To ensure GDPR compliance, and to safeguard brand reputation and customer satisfaction, financial services organisations need to have a complete view of the digital assets they own, as well as how the attacker sees them. By continuously monitoring their web, mobile and social assets, companies will be able to weed out the threats and effectively reduce their digital risk exposure. This means automatically flagging assets that capture and process PII to the internal security team, including sites and accounts set up by malicious actors using the brand as a lure, such as with fake ads. In addition, it means discovering and responding to attacks or fraudulent activity related to said assets already at the planning stage – before any data is compromised.

In summary
Targeted attacks against financial services organisations are increasing exponentially, with hackers, organised cyber-crime groups and nation states continuously deploying attack infrastructure to launch phishing attacks, domain threats, brand abuse, social, mobile, and malware based cyber-attacks. Security and compliance teams within the sector therefore need to focus on increasing their organisation’s security and compliance posture across their entire digital presence to reduce cyber risk.

1 https://www.verizondigitalmedia.com/blog/2017/07/2017-verizon-data-breach-investigations-report/

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post