No Compromise for UK Financial Services

Foreword

The financial services sector is in the midst of a perfect storm, with shifting market trends disrupting the industry to its very core. Rampant globalisation, hyper-connectivity, heightened customer expectation, evolving work practices, regulatory pressures and an increasing reliance on diverse stakeholder ecosystems are all having a significant impact on the companies operating in this sector. These issues are also leading to an exponential rise in the challenges surrounding the protection of data. These are challenges the sector must overcome.

In a recent study conducted by Ponemon, 31 percent of consumers impacted by a breach stated they had discontinued their relationship with the affected organisation, and 65 percent admitted they had lost trust in the business altogether. New entrants disrupting the financial services market, with no legacy systems, are able to provide robust, secure and agile platforms built for the market's demands, expectations and threats. Established players must maintain trust, whilst guarding against an increasingly complex cyberthreat landscape.

In 2017, Russia’s Sberbank and the National Bank of Ukraine both fell victim to the WannaCry and Petya ransomware attacks, while Tesco Bank suffered a high-profile breach in which £2.5 million was taken from customer accounts in November 2016. And these are just the attacks that made headlines. A study from Accenture suggests a typical financial services organisation will face an average of 85 targeted breach attempts every year.

One of the main reasons such attacks are successful is the often outdated techniques and approach applied to data security and the operations that support it. Too often this is the result of compromises having to be made between agility and security – at a strategic level but also every single day by those on the front line defending against the threats.

The digitisation agenda demands speed and usability, with an intuitive, seamless experience for customers used to a diet of one-touch access and instant information. Yet financial businesses, be they retail banks, brokerages, payments providers or insurance companies, must marry such evolution with stringent regulatory compliance and legacy systems. Businesses have often been quick to invest in the latest front-end digital platforms without considering the security ramifications, involving the security team from the outset, or devoting the same attention to delivering up-to-date protocols and procedures. As cyberthreats evolve, so must the approach to defence.

To understand the scale of the issue, and where IT security professionals who work in the financial services industry believe change is required, we questioned 201 based in the UK, exploring their thoughts on current security practices within their organisation and where they believe they are fighting an uphill battle. This guide outlines the scale of the job ahead, identifies where common challenges currently lie and, importantly, what the sector must do to develop a fit-for-purpose approach to security which limits the impact of breaches and best protects customers.

Ian Jenkins, Head of Network and Security, UK, VMware.

About this research

VMware commissioned research to explore the cyberthreat challenges the financial services sector faces, covering how prepared IT security professionals feel and how confident they are in their security infrastructure to balance the drive to digitisation. On VMware’s behalf, independent research house Opinion Matters questioned 201 UK-based IT security professionals who work in the financial services sector in organisations of over 250 employees. The research was carried out in October 2017.

The evolving threat landscape and the digitisation agenda

As holders of significant amounts of data on individuals and organisations, not to mention being gatekeepers to the world’s finances, the financial services sector is a prime target for cybercriminals. It therefore comes as no surprise to find that financial services organisations are subject to frequent cyberattacks, with 15 percent of security professionals having to deal with attempts weekly and eight percent daily.

Why is this happening? Only half of those surveyed (49 percent) rated the current security of the IT infrastructure of their organisation as good, with 14 percent stating it was only adequate and five percent less than adequate. This suggests security professionals are aware that cybercriminals are evolving faster than the security apparatus designed to stop them, but their hands are tied when it comes to making the necessary changes to avert threats.

At a time when successful and even attempted cyberattacks have, according to 56 percent, resulted in a loss of credibility or reputation and, according to 54 percent, caused inconvenience to suppliers and customers, financial sector organisations must make changes in order to prevent devastating consequences to their bottom line.

The challenges facing IT security professionals keen to drive change are significant, however: a lack of skills (26 percent), budget and resource (57 percent) and also understanding among senior management (26 percent) were highlighted as impacting how security professionals rated their employers’ data security. Even more worryingly, a quarter (25 percent) stated the impact of cybercrime was actually treated as a cost of doing business. Companies must consider the EU’s General Data Protection Regulation (GDPR) coming into force in May 2018, which will apply to all companies selling to and storing customer or citizen personal data in Europe and other continents.
With 55 percent of respondents stating both successful and attempted cyberattacks have breached customer confidentiality, such complacency could see financial services organisations facing fines of up to 20 million or 4 percent of annual worldwide turnover. That would be on top of any loss of revenue, reputational damage or reallocation of resource resulting directly from an attack.