How Important is Data Security for the Financial Industry?

Data is the lifeblood of the financial industry. Poor security management and the cyber attacks it enables are like sharp knives waiting to cause data hemorrhaging at financial companies.

In a recent survey, 90% of financial companies worldwide said they are vulnerable to data security threats. In 2014, 165 P2P Internet financial platforms in China were ravaged by hacker attacks.

Internet financial crime stole the limelight in 2015 with the financial attacks perpetrated by the Carbanak criminal organization. The gang targeted more than 100 banks and other financial institutions across more than 30 countries, and has stolen up to $1 billion since 2013.

Data is Money

Most cyberattacks are based on hijacking data for profit. With the formation of the online black market, financial enterprises have become a coveted target for hackers looking to sell personal and sensitive information obtained by exploiting system vulnerabilities. Data leaks not only cause financial losses but also negatively affect the company's brand and reputation.

A growing number of high-risk industries (finance, healthcare and e-commerce) have begun to put data security at the forefront of their business and are starting to take affirmative action. Vormetric’s Financial Industry Data Threat Report indicates that 70% of enterprises have increased or plan to increase their capital investment in data security. Among them, network protection (65%) and terminal protection (58%) have seen the largest increase.

Security Planning is Incomplete, and Vulnerabilities are Everywhere

In China, the financial security industry is not developing as quickly as the security threats it faces. DDoS attacks, brute force hacking, web application attacks, and fraud are the four major security challenges users face in the financial industry. External attacks are only half of the data security threats; the other half typically come from within the company itself.

Many financial enterprises, including large banks, can only provide makeshift solutions for managing data security. For example, in 2014, third-party security agencies conducted security assessments on 400 Internet lending platforms, 65% of which had security vulnerabilities and 35% had serious vulnerabilities. Because business release and promotion cycles are short, sometimes months or weeks, users in the financial industry have no time to consider internal security management. One application developer reluctantly admitted, "We just want to release the application on time. Nobody has time to think about security."

The research also found that the biggest "enemies" of enterprise security are employees. Company employees can pose a number of security risks by exposing passwords publicly, downloading free software, and using unsecured cloud applications (Softchoice).

The Cloud is Trending Towards Security

Financial policymakers need to consider the broader context of cloud computing when formulating enterprise security policies.

The China Banking Regulatory Commission recently said that by 2020, 60% of the domestic financial industry will be built on the cloud. Financial enterprises are facing an increasing need to integrate security, especially security on the cloud, into the basic aspects of application development. Choosing a reliable cloud service provider is the foundation for ensuring data and business security for financial companies.

Enterprises can measure the security of cloud service providers from several aspects, including (but not limited to) ensuring application continuity, data security protection mechanisms, security capabilities (the amount of DDoS, brute-force and web attacks defended daily), security team, compliance programs, and so on.

At the same time, as more and more financial enterprises gradually transfer their businesses onto the cloud, they should also bring their security strategy more in line with the “cloud environment”. This new security strategy is very different from the previous makeshift solutions as cloud protection needs to be more comprehensively deployed.

Taking the basic topology of financial business systems as an example, app-side reinforcement and threat detection are used to limit security risks to within the app itself, while Anti-DDoS Pro and WAF (Web Application Firewall) are deployed at the entry/exit point of the cloud system so that network attacks are blocked before reaching the server load balancer, routers, switches, servers, or other applications.

On the server layer, the host side is reinforced by host security products to fix some vulnerabilities right away. Meanwhile, HTTPS is used to encrypt the entire link from the app to the application system, and the data is then stored in the database.

On the cloud, the financial industry also needs security tools capable of big data analytics to anticipate and respond, in real time, to attacks that are happening or are about to happen. These tools detect threats by analyzing relevant security elements across the entire network, including user operation logs, database behavior, and security logs. This allows the discovery of previously unknown threats and the tracking of hacker activity.
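The cross-source analysis described above can be sketched as follows. This is an added example, not code from the original article or from any vendor product: it joins constructed security, user-operation and database records to flag a login that succeeded after repeated failures and was followed by a bulk data read. All field layouts, action names and thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")
# Constructed sample records (not real logs) for the three sources in the text.
SECURITY_LOG = [  # (time, source IP, user, login result)
    ("2024-01-05 02:10:01", "203.0.113.7", "teller01", "fail"),
    ("2024-01-05 02:10:03", "203.0.113.7", "teller01", "fail"),
    ("2024-01-05 02:10:05", "203.0.113.7", "teller01", "fail"),
    ("2024-01-05 02:10:09", "203.0.113.7", "teller01", "ok"),
    ("2024-01-05 09:00:00", "198.51.100.4", "auditor02", "fail"),
    ("2024-01-05 09:00:20", "198.51.100.4", "auditor02", "ok"),
]
OPERATION_LOG = [  # (time, user, action); action names are hypothetical
    ("2024-01-05 02:11:00", "teller01", "export_customer_list"),
    ("2024-01-05 09:05:00", "auditor02", "view_report"),
]
DATABASE_LOG = [  # (time, user, rows read)
    ("2024-01-05 02:11:02", "teller01", 48000),
    ("2024-01-05 09:05:01", "auditor02", 120),
]

def guessed_logins(events, min_fails=3, window=timedelta(minutes=5)):
    """Successes preceded by >= min_fails failures for the same IP and user (assumed thresholds)."""
    fails, hits = {}, []
    for when, ip, user, result in sorted(events):
        t, key = ts(when), (ip, user)
        recent = [f for f in fails.get(key, []) if t - f <= window]
        if result == "fail":
            fails[key] = recent + [t]
        else:
            if len(recent) >= min_fails:
                hits.append((user, ip, t))
            fails[key] = []  # a success resets the failure streak
    return hits

def correlate(security, operations, database, follow=timedelta(minutes=30), row_limit=10000):
    """Join the sources: what did the account do and read right after a suspicious login?"""
    alerts = []
    for user, ip, t in guessed_logins(security):
        after = lambda when, who: who == user and t <= ts(when) <= t + follow
        actions = [a for when, who, a in operations if after(when, who) and a.startswith("export")]
        rows = sum(n for when, who, n in database if after(when, who))
        severity = "high" if actions or rows > row_limit else "medium"
        alerts.append({"user": user, "ip": ip, "actions": actions, "rows": rows, "severity": severity})
    return alerts

if __name__ == "__main__":
    print(correlate(SECURITY_LOG, OPERATION_LOG, DATABASE_LOG))
```

No single source is conclusive here: the login failures, the export action and the large read each look ordinary in isolation, and only the join across the three logs produces the high-severity alert.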

In addition, deploying systems and applications to the cloud requires the financial industry to further strengthen employee permissions management and use key management systems to keep system passwords secure. Enterprises must also further improve employees' security awareness and encourage secure application development.

Time: 2024-09-17 12:09:48
