Protecting Financial Data: A New Security Approach | GBAF

Protecting Financial Data: A New Security Approach | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > WHY BANKS NEED A DIFFERENT APPROACH TO DATA SECURITY

WHY BANKS NEED A DIFFERENT APPROACH TO DATA SECURITY

Published by Gbaf News

Posted on January 8, 2015

5 min read

Last updated: January 22, 2026

Visual representation of cloud security risks related to unauthorized applications - Global Banking & Finance Review — This image illustrates the growing concern of shadow IT within organizations, highlighting the security threats posed by unauthorized cloud applications as discussed in the article. It emphasizes the need for better oversight in cloud app implementation.

By Paul Hampton, Payment & Crypto management expert at SafeNet

Over the past few years, data breaches have increased in frequency and size, making the need to protect sensitive information a top priority for businesses worldwide. According to the latest Breach Level Index report, there have been more than a thousand worldwide data breaches so far this year that compromised nearly 563 million data records of customers’ personal and financial information.

Big names targeted and exposed in the last 12 months not only include Ebay, Adobe, Tesco and Morrisons, but also reputable financial institutions such as the European Central Bank, JP Morgan Chase and HSBC.

Time and time again, attacks against banks have shown that breach prevention and threat monitoring alone will not keep the cyber criminals out. Being breached is no longer a question of “if” but “when”. So what can banks and other financial institutions do to protect themselves and guarantee the protection of data as it is used?

With the latest reports showing that the financial services industry accounts for more than 40 per cent of all data records stolen, the reality is that even the bigger players with more money to invest in security are not necessarily better protected. Banks are vulnerable to cyber-attacks which can be damaging both to the institution’s reputation and bottom line, as well as to customers’ confidence in the entire financial sector.

The new reality is that conventional data protection is outdated. While today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, content filtering, and threat detection, history has taught us that perimeters are eventually breached and made obsolete. Simply putting up a wall around the data and standing watch is no longer enough.

Organisations of all types, including financial institutions, often underestimate the magnitude of the risk to their business-critical data while it’s in transit across public or private data networks. It’s not simply systems and servers that are vulnerable to attack. Most banks today need to send and receive data across both internal and external networks – locations which are immune to anti-intrusion and anti-virus protection. So as data travels across networks – internally and externally – it carries its own degree of risk exposure. But, despite the increasing scale and sophistication of data breaches, organisations still continue to invest the majority of their IT security budgets in the same perimeter security defences they have for years.

In this context, financial institutions should assume that prevention and threat detection tools can only go so far and should be used as part of a layered approach to data security that can defend data once criminals get into the network. With data stored in a plain-text state being easily readable and accessible for cyber criminals, banks must move to a framework that is centered on the data itself,and provides protection that stays with it, no matter where it is being sent, such as better access control techniques, stronger authentication measures and the use of encryption.

From the moment data is in motion, organisations are no longer in control. Data can be easily and cheaply intercepted by cyber-criminals for a number reasons – ranging from data theft to cyber-blackmail. With encryption, banks can maintain control of their data, even when it is deployed in the cloud or in their data centre. By moving security controls as close as possible to the data, banks can ensure that even after the perimeter is breached, the information remains secure. This means they must view the protection of sensitive data not as a compliance mandate, but as a responsibility essential to their success.

Financial Institutions need to focus on a defense-in-depth strategy and on securing the breach, which means using data encryption as the last line of defense.The only way that banks can maintain business and customer trust in their brand, is by encrypting all of their financial and customer information, both in storage and in transit.

In fact, banks can even increase customer trust by telling clients about the security measures that they have put in place to protect their data. By being open about the efforts they are making with regards to data protection, like encrypting data end-to-end, they can be perceived as trusted innovators. Banks can take this a step further and, as well as informing customers about what they are doing to protect them, can also tell them what to do in order to protect themselves and become safer consumers of services.

With threats changing daily, meeting the minimum legal requirements is no longer enough.

Banks need to be continually vigilant and take a multi-layered, dynamic approach to data security which will allow them to be safe in the knowledge that their data is protected, whether or not a breach occurs.Only banks that adopt a ‘secure breach’ approach, consisting of a combination of strong authentication, data encryption and key management, can be confident that data is useless should it fall into unauthorized hands.