How many financial service companies are vulnerable to a data breach? Way too many, according to a new report.
The report, put together by data security company Vormetric and issued in partnership with analyst firm 451 Research, shows that a whopping 90 percent of the IT security professionals surveyed in the financial services industry believe that their companies are vulnerable to a possible data breach.
Not only that, but 44 percent say they have already suffered a data breach, and 19 percent said that they suffered a data breach specifically in the last year.
"Something doesn't add up in the plans of financial services organizations for protecting data," said Garrett Bekker, senior analyst, information security, at 451 Research and the author of the 2016 Vormetric Data Threat Report, in a statement.
"Spending to protect data is increasing fastest in areas that have been shown to be ineffective at protecting against multi-stage attacks—network defenses (65 percent) and endpoint and mobile device defenses (58 percent)—still see the highest increase in spending, while approaches like data-at-rest defenses that have been proven to be effective at protecting data after perimeter defenses have been bypassed, are at the bottom (48 percent)," Bekker continued.
The report goes on to detail some of the biggest threats to the security of your financial data. Cybercriminals are cited as the largest external cause of data breaches at financial services companies, because surprise, criminals want access to that lucrative financial data. Privileged users are cited as the greatest internal threat actor at financial services companies, as cybercriminals often target the accounts of privileged users specifically because of the greater access to company resources those users have.
Part of what makes data security such a monumental task is the increase in the amount of data—and how widely that data is spread out. Use of both big data and cloud services are now highly prevalent at financial services companies, according to the report; 59 percent of those surveyed use sensitive data in big data environments, and 91 percent of those surveyed use sensitive data in cloud environments.
So what are companies doing to fix this? There’s good news on that front.
Of the IT pros surveyed, more than two-thirds (70 percent) are planning to increase spending to protect sensitive data. And 62 percent are working on better data security for brand and reputation management. Nearly half, 48 percent, will invest in data-at-rest defenses this year. Other tools IT pros are planning to invest in include:
- Application encryption: 33 percent
- Privileged user access management: 29 percent
- SIEM (security event and information management) systems: 29 percent
- Tokenization: 42 percent
Companies are moving in the right direction, but maybe not fast enough. Until these issues get sorted out, stuffing your mattress may not be such a bad idea after all.