Financial service organizations including banks, wealth advisors, insurance providers and others rely on data to power their business. As a result, they hold vast amounts of highly sensitive personal information, and today all of it is, of course, digital. This treasure trove of data makes the financial services industry a highly valued target for cyber criminals, and a quick check of headlines proves they have been busy taking what they want from many. From Capital One to Equifax and countless others in between, data breaches across the financial sector are massive in both scope and cost.
High Cost of Data Breaches
As this year’s Cost of a Data Breach Report by the Ponemon Institute again shows, the price tag for falling victim to hackers continues to climb. The global, cross-industry average cost is now $3.92 million – an increase of 12% over what it was just 5 years ago. Driving the rising costs for all U.S. organizations is the lost business that results from a breach, including lost customers, system downtime and general business disruption.
Adding further insult to injury, the financial impact of a data breach can last for years, particularly for highly regulated industries like financial services. Long, complex governance processes in which legal fees and fines are dragged out over time are painfully common. As the regulatory environment continues to evolve, for example with new state data protection laws such as the California Consumer Privacy Act (CCPA) coming onto the scene, compliance challenges and associated fines for financial services and other industries will only grow.
3 Steps to Better Data Security
How are cyber attackers getting in? There are several studies on this, and for the financial services industry specifically, most currently point to phishing attacks as the primary culprit. Intended targets include both the institution’s employees and their customers.
Regardless of tactic, however, there are a few steps you can take to improve your security posture.
Know your endpoints. Comprehensive asset intelligence equips IT and security teams with the full story of their device population and provides a single source of truth into where your devices are, how they are being used, and whether or not your security controls are working as they should. The 2019 Endpoint Security Trends report found 42 percent of all endpoints are unprotected at any given time and 100 percent of endpoint security agents eventually fail. Timely insight into your users, device fleet, the apps they run, and the data they touch will help you identify blind spots that often represent a breach waiting to happen.
Fortify endpoint resilience. To mitigate risks and potential security exposures, ensure your endpoints are self-healing machines capable of safeguarding distributed data without the need for human intervention. Automated self-healing is critical when it comes to fending off the barrage of attacks you (and your users) face every day. Absolute is already embedded in your devices; you just have to activate it. OEMs, including Dell, HP, Lenovo, and Microsoft, ship their machines with Absolute’s firmware-enabled Persistence™ module. With this unshakable connection to every device, Absolute examines hygiene and compliance drift, regenerates controls and boosts the resiliency of all your endpoints.
Implement the NIST Cybersecurity Framework (NIST CSF). Because much of the high cost of a data breach comes from compliance failures, continuous compliance must become your new normal. Ongoing, flexible checks that adapt to any standard like GDPR, SOX, and PIPEDA (among others) are needed to identify and restore critical security controls including AV, encryption, EDR, DLP, VPN and others that cause compliance drift when disabled or outdated. One way organizations are responding to this continuous need for visibility and control is by adopting the NIST CSF. The repeatable framework supports proactive cybersecurity disciplines and enables scalable operations. For more, read: How to Use the NIST Cybersecurity Framework.
The financial services industry doesn’t have the sole attention of cyber criminals – no industry is immune to attack anymore. But knowing your specific risks is the first step in providing better protection for your organization as well as your customers.
For more information on how Absolute helps financial organizations protect data and remain compliant, see our solution sheet.