Warning on Financial Services approach to security as cyber breaches rise

Over four in ten businesses experienced a cyber-security breach over the last year, according to The Government’s Cyber Security Breaches survey.

Investment in cybersecurity by finance and insurance firms in the last year reached a total of £17,900, and 51 percent of businesses have implemented all of the five basic technical controls listed under the Government endorsed Cyber Essentials scheme.[1]

But this is not enough to keep modern IT systems secure, according to financial technology experts World Wide Technology. Changes to the way financial services use technology means that information cannot simply be kept on a closed system and protected from external threats by a firewall. Data is now shared between thousands of locations. Multiple third parties, such as credit ratings interbank payment services, need access to this data to provide their services. It is also shared with employee and customer devices through mobile banking apps and bring-your-own-device schemes. This makes IT systems much more open to attack and requires a fundamental rethink in approach to security.

Nick Hammond, Lead Adviser for Financial Services at World Wide Technology, comments: “The way data use has changed in recent years has made companies much more vulnerable to cyber breaches.

“Data-sharing between multiple devices and third parties is important for the way we bank today, but it poses a pressing security challenge for protecting this data. It is no longer possible to draw a perimeter around the whole system, so instead each individual application has to be protected, and only allowed to share data with other applications which need it.

“But the sprawling, interdependent nature of modern financial IT infrastructures means creating this is often easier said than done. Over the years, IT architectures have become a patchwork of updates, changed by various different teams without visibility over the entire system, creating many complex interdependencies.

“This means that trying to isolate one application and secure it can mean another one stops working. For example, e-commerce systems often rely on credit card databases to work, and would stop working if the communication between the two was cut off.

“If they are to tackle threats of cyber breaches in a future-proof way, financial services firms need a bespoke security policy that traces every interdependency within their systems and adapts protection policies to fit the complexities of the system.”

Over four in ten businesses experienced a cyber-security breach over the last year, according to The Government’s Cyber Security Breaches survey.

Investment in cybersecurity by finance and insurance firms in the last year reached a total of £17,900, and 51 percent of businesses have implemented all of the five basic technical controls listed under the Government endorsed Cyber Essentials scheme.[1]

But this is not enough to keep modern IT systems secure, according to financial technology experts World Wide Technology. Changes to the way financial services use technology means that information cannot simply be kept on a closed system and protected from external threats by a firewall. Data is now shared between thousands of locations. Multiple third parties, such as credit ratings interbank payment services, need access to this data to provide their services. It is also shared with employee and customer devices through mobile banking apps and bring-your-own-device schemes. This makes IT systems much more open to attack and requires a fundamental rethink in approach to security.

Nick Hammond, Lead Adviser for Financial Services at World Wide Technology, comments: “The way data use has changed in recent years has made companies much more vulnerable to cyber breaches.

“Data-sharing between multiple devices and third parties is important for the way we bank today, but it poses a pressing security challenge for protecting this data. It is no longer possible to draw a perimeter around the whole system, so instead each individual application has to be protected, and only allowed to share data with other applications which need it.

“But the sprawling, interdependent nature of modern financial IT infrastructures means creating this is often easier said than done. Over the years, IT architectures have become a patchwork of updates, changed by various different teams without visibility over the entire system, creating many complex interdependencies.

“This means that trying to isolate one application and secure it can mean another one stops working. For example, e-commerce systems often rely on credit card databases to work, and would stop working if the communication between the two was cut off.

“If they are to tackle threats of cyber breaches in a future-proof way, financial services firms need a bespoke security policy that traces every interdependency within their systems and adapts protection policies to fit the complexities of the system.”