Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


By Michael Callahan, VP of FireMon 

Can the Finance Sector Counter and Manage the Alarming Gap Between Security and Technology? 

As the world of IT security has developed, so too have the issues plaguing the enterprises that have adopted advanced security strategies. For years, experts have been trying to resolve a security deficit with a slew of technologies that it has now exploded out of control. Almost unknowingly, gaps have formed within cybersecurity protection and infrastructure across various industries. One industry in particular is likely to suffer the most, given the sensitive nature of its infrastructure and data it needs to protect from cyber attackers – the banking sector.

As banking transitions to online, mobile and on the go, the security infrastructure to support it has also multiplied – and that means more investment in security technology in an attempt to ward off cyber threats. We are now seeing a trend where there are too few security personnel to monitor and manage the snowballing number of technologies and security risks.

The Big Issues

Financial enterprises have been taking a more traditional route to achieving a securer infrastructure by investing more in security technology to try and alleviate the tremendous pressure security teams face, but that has not solved the situation. It has become impossible to keep up with the millions of rules or potentially thousands of devices – from firewalls to routers and switches – within financial organisations. This is largely due to the shortage of resources. The low staff count plus the increase in technology has led to an imbalance that results in the inability to manage security effectively.

Exploiting the infrastructure of financial institutions has become the go-to-sport for cyber aggressors with breaches becoming frequent news. The network security systems have become overwhelmingly complex for SMBs and large enterprises as they are being insecurely integrated, making it difficult for enterprises to allocate adequate security funding to precise flaws.

A serious issue in 2016 that hampered many banks was distributed denial-of-service (DDoS) attacks. In fact, it was found that over one in four banks around the world were attacked via DDoS with the cost of damage estimated to be over $1 billion. Combine that with the evolution of IoT, and you have the perfect recipe for disaster. ForeScout Technologies reported that the average business must deal with 7,000 IoT devices in the next 18 months with smaller businesses potentially having more. Frustratingly, attackers have clocked on.

So, where are the IT professionals to prevent this?

With a global shortage of qualified security professionals, the financial sector is among the industries struggling to find skilled staff to operate their complex defence systems which have been implemented out of compliance rather than security, leaving them exposed. Recent stats also make for a frightening read. A study conducted by Forrester Consulting in 2016 found 80% of businesses are vulnerable to cyber attack with 32% of European businesses stating it’s difficult to find qualified IT security personnel, per research from Frost & Sullivan. A further 75% of organisations lacked sufficient cybersecurity expertise according to a Tripwire study and if enterprises had enough to worry about, the latest analysis from the Cost of a Data Breach report, published by Ponemon Institute, estimates the average cost of a data breach to now be $4 million, meaning businesses can no longer afford to be lackadaisical and neglect to enforce appropriate security measures.

In addition, companies are suffering from ‘alert fatigue’ with studies published by EMA and International Data Corporation claiming 92% of companies were getting up to 500 alerts a day with 88% being critical. In other words, threat detection has improved, but the number of alerts means that security professionals have become complacent as a result.

Intelligent Security Management

To rectify the Complexity Gap and reduce it, a new approach is needed that allows security teams to better manage all their investments in security, from firewalls to routers and switches. A new trend within the industry has seen management technology as a ‘workforce multiplier’ being the light going forward.

The attraction to using management technology is that it fixes some of the key issues that created the Complexity Gap by using automation and analysis that human resources cannot provide. These tools have been designed to aid organisations, like financial institutions, with their own policies, frameworks and compliance requirements to automate tasks. Some decrease time needed for cyber security investigations. Others enhance project management by decreasing time needed for security audits and facilitating better use of security already in place within monetary enterprises. This allows for better optimisation of the technology in use, uncovering the needles in the haystack by contextualising the security information as well as rationalising the information so that focus can be directed to the bigger security issues.

Adopting this kind of approach may well be the answer in helping restore balance and close the Complexity Gap. It is ideal for delivering a rapid response for automating security policy configuration in line with laid down compliance practises and improving the organisation’s security posture.  It also dramatically reduces the operational expense through detailed analysis and risk simulation so that people can focus on areas that are higher value and remove the very time consuming aspects of security management.

Nevertheless, the problem will get worse before it improves. With industries adopting more devices and looking to automation, and with no immediate response to the cyber security skill shortage, the Complexity Gap is likely to widen. Thankfully, there are solutions to the problem. For the banks, numerous C-level execs have identified cyber-threats as their top concern, it is just whether the sector is quick enough to act before it’s too late and make better, more intelligent security device management a priority.