Financial Services Sector Struggles With IT Security

A recent study from Bitglass found 14 percent of data leaks in financial services attributable to unintended disclosures and 13 percent to malicious insiders.

it security and bitglass

Lost and stolen devices account for one in four breaches in the financial services sector, and five of the nation’s largest banks have suffered a breach already in 2016, according to a Bitglass report.

The study found 14 percent of the leaks could be attributed to unintended disclosures and 13 percent to malicious insiders.

In 2015, 87 breaches were reported in the financial services sector, up from 45 in 2014. In the first half of 2016, 37 banks disclosed breaches.

Lost and stolen devices topped the type of breach events at one-quarter, which shows financial services organizations struggle with data protection on managed and unmanaged devices.

"Recurring breaches and the relative frequency of unintended disclosures were most surprising in that they suggest many financial services orgs still don't have adequate security," Rich Campagna, vice president of products for Bitglass, told eWEEK. "Solutions focused on infrastructure security and corporate-owned devices are becoming increasingly ineffective in a cloud and BYOD-centric world. BYOD access and cloud-based productivity apps may not have been the focus a decade ago, but have now become critical to security."

He explained a short-term view of IT security issues can pose issues for financial services firms.

"Many organizations likely will adopt several cloud applications over time and need a security solution capable of providing cross-app visibility and control over corporate data," Campagna said. "Cross-app security solutions provide better insights and more effective security than options that provide limited visibility into just one app." He noted encryption is also a big issue for many firms looking to migrate to the cloud.

“While organizations want the flexibility, ease of deployment and cost savings of adopting apps like Salesforce, encrypting data at rest in a way that maintains full functionality of the application is another major challenge that cloud access security brokers can solve," Campagna said.

Of the three major credit bureaus, the 2015 Experian leak was the largest, affecting 15 million individuals. Equifax also has disclosed several recent breaches, including unauthorized accesses earlier this year that affected hundreds of thousands of individuals.

"IT leaders are well-aware of the challenges they face—the growing demand for BYOD, the need to migrate to the cloud, the threat posed by external sharing—and are quickly adopting solutions that help mitigate these threats," Campagna said. "Breaches will likely level off or decline as organizations shift away from firewalls and device management toward data-centric security solutions that provide visibility and control over data in the cloud and on any device."