Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


By Paul Hampton, Payment & Crypto management expert at SafeNet

Over the past few years, data breaches have increased in frequency and size, making the need to protect sensitive information a top priority for businesses worldwide. According to the latest Breach Level Index report, there have been more than a thousand worldwide data breaches so far this year that compromised nearly 563 million data records of customers’ personal and financial information.

Big names targeted and exposed in the last 12 months not only include Ebay, Adobe, Tesco and Morrisons, but also reputable financial institutions such as the European Central Bank, JP Morgan Chase and HSBC.

Time and time again, attacks against banks have shown that breach prevention and threat monitoring alone will not keep the cyber criminals out.  Being breached is no longer a question of “if” but “when”. So what can banks and other financial institutions do to protect themselves and guarantee the protection of data as it is used?

With the latest reports showing that the financial services industry accounts for more than 40 per cent of all data records stolen, the reality is that even the bigger players with more money to invest in security are not necessarily better protected. Banks are vulnerable to cyber-attacks which can be damaging both to the institution’s reputation and bottom line, as well as to customers’ confidence in the entire financial sector.

The new reality is that conventional data protection is outdated.  While today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, content filtering, and threat detection, history has taught us that perimeters are eventually breached and made obsolete. Simply putting up a wall around the data and standing watch is no longer enough.

Organisations of all types, including financial institutions, often underestimate the magnitude of the risk to their business-critical data while it’s in transit across public or private data networks. It’s not simply systems and servers that are vulnerable to attack. Most banks today need to send and receive data across both internal and external networks – locations which are immune to anti-intrusion and anti-virus protection. So as data travels across networks – internally and externally – it carries its own degree of risk exposure. But, despite the increasing scale and sophistication of data breaches, organisations still continue to invest the majority of their IT security budgets in the same perimeter security defences they have for years.

In this context, financial institutions should assume that prevention and threat detection tools can only go so far and should be used as part of a layered approach to data security that can defend data once criminals get into the network. With data stored in a plain-text state being easily readable and accessible for cyber criminals, banks must move to a framework that is centered on the data itself,and provides protection that stays with it, no matter where it is being sent, such as better access control techniques, stronger authentication measures and the use of encryption.

From the moment data is in motion, organisations are no longer in control. Data can be easily and cheaply intercepted by cyber-criminals for a number reasons – ranging from data theft to cyber-blackmail. With encryption, banks can maintain control of their data, even when it is deployed in the cloud or in their data centre. By moving security controls as close as possible to the data, banks can ensure that even after the perimeter is breached, the information remains secure. This means they must view the protection of sensitive data not as a compliance mandate, but as a responsibility essential to their success.

Financial Institutions need to focus on a defense-in-depth strategy and on securing the breach, which means using data encryption as the last line of defense.The only way that banks can maintain business and customer trust in their brand, is by encrypting all of their financial and customer information, both in storage and in transit.

In fact, banks can even increase customer trust by telling clients about the security measures that they have put in place to protect their data. By being open about the efforts they are making with regards to data protection, like encrypting data end-to-end, they can be perceived as trusted innovators. Banks can take this a step further and, as well as informing customers about what they are doing to protect them, can also tell them what to do in order to protect themselves and become safer consumers of services.

With threats changing daily, meeting the minimum legal requirements is no longer enough.

Banks need to be continually vigilant and take a multi-layered, dynamic approach to data security which will allow them to be safe in the knowledge that their data is protected, whether or not a breach occurs.Only banks that adopt a ‘secure breach’ approach, consisting of a combination of strong authentication, data encryption and key management, can be confident that data is useless should it fall into unauthorized hands.