by Isabelle Dumont
Sometimes the ones closest to you are the ones you need to keep an eye on.
The year 2014 posted a 25 percent increase in data breaches compared to 2013, according to the Identity Theft Resource Center. Many of these breaches reveal how vulnerable companies are to cyber-attacks, while also exposing gaping holes that can be found in the IT infrastructures of many corporations. In addition, it’s common for breaches to come from an inside source.
Reports say the biggest breaches in 2014 happened not from external threats, but from inside the organizations themselves. Many banks investing in security this year are basing their decisions on the massive breaches that occurred in 2014. And while banks tend to focus on external threats, the threat may just as well come from the inside. In previous articles, Forrester reports state that many breaches happen from within or from individuals who had access to assets and information.
So how do you keep your bank secure from outside as well as inside threats?
Visibility into your bank’s internal infrastructure is just the beginning to regaining control over your data breach fears. By segmenting your network in security zones based on assets, users and partners that have similar security profiles or access to assets, IT gains better visibility into who your employees interact with, and can deploy innovative technologies without increasing the level of risk on a network.
Security is not just about infrastructure and the technology banks operate. It’s about the employees, partners and everything in touch with a business and its assets. In order to make the right investment decisions in security and still execute strategic initiatives, there needs to be a level of visibility among bank executives and IT professionals. The two parties need to ask the right questions to maintain the proper visibility of their network in order to make the right decision in investing in security.
- Who has access to data?
- What type of information can they access?
- Where does the communication come from?
- When are people accessing information?
- What part of the infrastructure is susceptible to an attack?
It’s important to find solutions that provide the highest degree of transparency across various teams involved with the organization’s security, eliminating silos of threat intelligence and network information along the way.
Visibility allows you to know where your infrastructure is exposed to cyber risk, and then reduce your susceptibility to malicious attacks.
Often the bad guys are just as smart as, or smarter than, the IT gurus at the companies they attack. They lack the regulatory and corporate layers that burden financial institutions, which allow them to be more nimble. However, hackers and cyber criminals can also be undisciplined. Many will pursue the path of least resistance, so the best way for your bank to advance its strategic initiatives is to minimize your attack surface and not be an easy target. Enhance your visibility, both internally and externally and your network security will rapidly get better than your competitors – and you’ll reduce your organization’s risk of being a victim of an attack.
Be Ahead of the Game
The explosion of threats has many banks searching for more security solutions. Anything financial institutions can do to stay ahead of the game is of great value; even if it means benchmarking against your peers, partners, and competitors.
If you can learn what competitors are doing, you can compare your strategy to theirs; looking at threat intelligence specific to the banking ecosystem, including customers, company vendors and partners, and locating the gaps in a bank’s infrastructure. By benchmarking against your peers and learning their strategies, you are able to move your institution’s network security posture from one that is responsive to one that is preventative.