A lot of attention has been paid to the increased targeting of healthcare data by cybercriminals, but healthcare is not the only industry experiencing higher levels of data breaches. According to past reports, the financial industry is also under strain to protect data, with larger data breaches happening more frequently. Between 2013 and 2014, the number of records exposed in the financial sector went from 112,000 to 1.1 million.
The Justice Department, in a statement on its Cybersecurity Roundtable, noted that it was working with the Treasury Department and in-house counsel at various financial institutions, which are now “frequent targets for data breach efforts.” The goal was to help organizations better respond to cyber attacks and intrusions.
The Federal Financial Institutions Examination Council (FFIEC) also released two statements recently addressing cyber attacks, compromised user credentials and malware, and how they are affecting the financial industry. The purpose of the statements was to encourage financial institutions to better prepare for these threats and to know how to respond if they occur.
FFIEC guidance includes suggestions to:
- Securely configure systems and services
- Review, update, and test incident response and business continuity plans
- Conduct ongoing information security risk assessments
- Perform security monitoring, prevention, and risk mitigation
- Protect against unauthorized access
- Implement and test controls around critical systems regularly
- Enhance information security awareness and training programs
- Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center
At Absolute Software, we advocate for a layered approach to data security, one that treats technology, internal processes and user education as vital to protecting data. Earlier this year, we wrote a post on Data Security Risk Mitigation in Financial Services, which goes into detail about the risk mitigation process, including how to quantify risks, lifecycle security, incident response and extending protection to intellectual property. Contact us to learn more about how we can help bolster your data protection.