UK Financial Firms Admit to "Shocking" Cybersecurity Practices
Security professionals within financial services firms are losing the battle to keep vital data safe against a rising tide of cyber-threats.
That’s the assessment of a VMware survey of 201 UK-based IT security professionals, which found that 67% of respondents admit that cybersecurity practices in their organizations “would shock outsiders.”
Almost all (90%) also stated that they have had to make compromises that could leave other areas exposed when protecting their businesses, and half (51%) admitted that they do this regularly.
For instance, the study suggests that too great of a focus has been placed on protecting more visible consumer services, such as customer-facing websites, potentially leaving exploitable holes surrounding internal systems and trading data.
Similarly, findings show that while there is quite rightly an overwhelming focus on protection for e-banking and other applications, this too is often at the expense of other systems (71%).
“In chasing the digital promised land, financial services organizations run the constant risk of overstretching already antiquated security infrastructures,” said Ian Jenkins, head of network and security, UK at VMware. “Those on the front line defending against cyber-threats clearly feel there are significant flaws ready to be exploited: This should act as a wake-up call that there are serious risks to data if security isn’t baked into everything the organizations do. Ignoring them and the compromises they’re having to make could be hugely damaging.”
There also appears to be a sense of frustration in the direction those responsible for defending against security threats received, alongside a lack of understanding from leadership teams of the potential for breaches. Over half (53%) of the respondents said that they don’t believe their leadership team understands the complexity of today’s threats. A quarter (25%) stated the impact of cybercrime was simply treated as a cost of doing business; and 62% revealed they struggle to secure funding for urgent cybersecurity projects.
On a no-doubt related data point, 65% admitted that the stress associated with their role is hard to cope with.
“This past era of compromise towards cybersecurity must end,” said Richard Bennett, head of accelerate and advisory services at VMware. “A revised approach to protecting digital assets, starting at a security by design philosophy, is required to allow IT security professionals to dynamically manage the myriad of threats now faced. This involves understanding that cybersecurity does not begin and end with IT but is a challenge for the whole organization.”
Source: Information Security Magazine