Storage, Backup, And Data Recovery In The Financial Services Sector

  • Doron Pinhas, CTO at Continuity

  • 03.12.2022 09:30 am

The financial industry is rightfully alarmed by the increase in both the amount and sophistication of data-centered attacks – primarily ransomware. 

We’ve all read the news. This is no longer a question of if, but how.

When an organization’s data is compromised, the last line of defense is its storage and backup environments. The fact that so many financial services organizations eventually choose to pay the ransom, simply because they see no other solution, raises serious concerns about the industry’s storage and backup security maturity.

But how do security teams prepare for these rising risks?

Sometimes the best way for CISOs to plan ahead is to first learn enough about rising trends and follow the influencers.

Analysis of Storage & Backup Security in the Financial Services Sector, the first of its kind, has just been released, revealing key trends in storage and backup security management. It sampled 200 security experts from financial services firms and banks in 45 countries.

Topics surveyed: 

  • The scope and focus of organizational vulnerability management
  • The impact of storage attacks
  • Confidence level in the ability to recover from ransomware attacks, and in the security of storage and backup systems
  • Identity of protected entities
  • Assessment and measurement of security configuration and vulnerabilities
  • Top challenges to securing storage and backup
  • Maturity of organizational security configuration baselines

 

Insights 

In searching for a structured analysis of market maturity, challenges, and gaps, we were shocked to discover how little work had been done.

The perceived impact of storage & backup attacks: We all know it’s bad…

Nearly 70% of respondents believe an attack on their storage or backup environment will have ‘significant’ or ‘catastrophic’ impact. 

In the financial and banking industries, the value of digital data may be so high that a well-orchestrated attack on both storage and backup could wipe out a significant amount of the organization’s value, potentially affecting entire economies.

Confidence level in storage security and recoverability: We bear no good news 

Confidence among security teams is usually derived from technical capability, availability of resources and infrastructure, and proven compliance with industry standards.

When asked about their level of confidence in the organization’s ability to recover data in the event of a ransomware attack, almost 60% of respondents said that they are not confident in their ability to recover from such an event.

Security auditing: Paying closer attention to storage and backup

Financial services is one of the most heavily regulated industries. Audits are performed both internally and externally and tend to evolve year-over-year based on advances in technology, industry regulation changes, and shifts in the threat landscape.

It was interesting to learn how pervasive storage and backup security controls have become as part of IT auditing. In fact, more than two-thirds of respondents said that securing storage and backup was specifically addressed in recent external audits.

And yet, storage and backup systems are the two lowest focus areas of organizations’ vulnerability management programs

We all know that establishing a focus area for vulnerability assessment and management processes is an effective step towards strengthening an organization’s information security. Therefore, the fact that storage and backup are low on the list of priorities (the two areas receiving the least focus) definitely shows there is a gap we, as an industry, need to close.

Maybe this finding is not that surprising given the fact that data storage, backup, and recovery management have always been demanding tasks. 

However, given that storage and backup compromise is at the heart of all current ransomware kits, surely the time has come for us to boost our knowledge – as well as our strategies – in protecting and hardening our storage and backup systems.

To summarize: Storage and backup security maturity is surely the need of the hour

Storage and backup security is an evolving practice. Given how lucrative organizational data has become and how its business value keeps growing, it is important to realize that we are all in an arms race with cyber criminals.

The honest feedback provided by the participants of this survey shows that much is still left to be desired. Most financial services firms and banks have not yet reached a satisfactory level of storage and backup maturity.

The 5 key opportunities for improvement include: 

  1. Assigning higher priority to improving the security of storage and backup
  2. Building knowledge and skill sets
  3. Improving collaboration between Infosec and IT infrastructure teams
  4. Defining comprehensive security baselines for all components of storage and backup
  5. Using automation to reduce exposure to risk and allow much more agility in adapting to changing priorities

…and much more.

Read the full report to learn more
