Connect with us

Top Stories

PRIME RISK: ROBUST SECURITY POSTURES REQUIRE A CHANGE OF FOCUS

PRIME RISK: ROBUST SECURITY POSTURES REQUIRE A CHANGE OF FOCUS

The financial services industry remains at great a risk as ever from cybersecurity threats, despite regulators taking an increasingly hard stance on data protection. If they haven’t already, then the £2.5 million stolen from 9,000 Tesco Bank customers and 146 million records of US consumers stolen in the Equifax breach should be causing alarm bells to ring; and within a matter of months, there will be no quarter given to banks who don’t have proper cybersecurity and data protection processes in place.

However, general thinking around cybersecurity models is flawed, and the heavy focus on regulatory compliance is unhelpful. Whilst regulations such as the new General Data Protection Regulation (GDPR) and New York State’s DFS Cybersecurity Regulation rightly put ever greater pressure on data protection, fundamentally, the current ‘protect’, ‘detect’, ‘react’ approach is no longer fit for purpose.

Instead, argues Dan Panesar, VP EMEA, Certes Networks, firms must focus on developing a far more robust security posture based on the critical element of breach ‘containment’; and this can only be achieved by adopting a Zero Trust approach to cybersecurity.

A Prime Target

In 2016, the financial services industry was attacked 65% more than the average organisation across all industries, and according to IBM, 200 million financial services records were breached in 2016, a 900% increase from 2015.

The motivation to attack the industry is not likely to diminish. The goldmine of sensitive data – from credit card to consumer details – means that financial institutions are going to remain a prime target from hackers trying to find weaknesses in the network so they can get in. And whilst the regulators are taking an increasingly hard stance on data protection, organisations that take a regulation-only approach to cybersecurity are actually putting themselves at greater medium- to long-term risk.

The reason should be apparent: by the time most regulations are implemented, they can be 24 months old, resulting in security postures that very quickly become out of date. Moreover, they actually provide hackers with an ‘access blueprint’, as weaknesses in the security model that are not covered by regulation are clearly visible for any hacker to exploit.

Innovation is needed.

Zero Trust Security

The solution lies in the Zero Trust model. A phrase initially coined by Forrester, the Zero Trust approach to cybersecurity abolishes the idea of a trusted network inside the corporate perimeter. It assumes that you can no longer trust anything that is within the extended infrastructure – no users, apps or devices. It assumes that the network can be compromised at any time, by anything.

This means decoupling security from the complexity of the IT infrastructure and addressing specific user/ IoT device vulnerability. Instead of firewalls, network protocols and IoT gateways, organisations should consider data assets and applications; and then determine which user roles require access to those assets.

Building on the existing policies for user access and identity management, organisations can then deploy cryptographic segmentation to ensure only privileged users have access to privileged applications or information. Each cryptographic domain has its own encryption key, making it impossible for a hacker to move from one compromised domain or segment into another – it is simply not possible to escalate user privileges to access sensitive or critical data, meaning that in the inevitability of a breach, the threat is both contained and rapidly identifiable – and any fallout limited.

Conclusion

If the financial services industry is to keep itself out of the headlines and prevent high profile data breaches, the attitude needs to change. The heavy focus on regulatory compliance over data security means that financial institutions will not achieve the robust security posture required to protect data against the continually evolving threat landscape.

It is time to ensure that innovation plays a part in security best practice, and deploy solutions that are in line with a Zero Trust approach.

Editorial & Advertiser disclosure
Our website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.
Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Recommended

Newsletters with Secrets & Analysis. Subscribe Now