Lessons Learned in Financial Data Security

15.07.2015 01:00 am


The unprecedented number of data breaches over the last year has increased investigation of attack patterns and deep post-breach analysis to reveal the root cause. Knowing your IT environment gives you better control over your most critical systems, but awareness of what is going on outside your perimeter gives you the opportunity to proactively prepare for possible cyberattacks. The negative experiences of other market players, especially in the financial sector, may serve as an excellent guideline for identifying existing gaps and strengthening your own security.

Netwrix, the IT auditing company that provides software to maximise visibility of IT infrastructure changes and data access, summarises three recent breaches where financial data was exposed using different patterns and shares some key lessons to mitigate the risk of future incidents:

  1. Morgan Stanley lesson. This case showed that the importance of privileged account monitoring shouldn’t be underestimated. Insider misuse has always been a nightmare for security officers because it’s hard to detect and impossible to prevent. Morgan Stanley experienced it firsthand, making headlines when an employee stole customer information on 350,000 clients, including account numbers. To prevent users from taking advantage of their privileges, it is essential to enable continuous monitoring of their activities and to ensure that employee permissions are properly granted. This will help you ensure that they are not extracting or manipulating data that is not required for their particular business needs.
  2. Premera Blue Cross lesson. Financial institutions are not the only entities whose financial data is vulnerable to exposure. US health insurer Premera Blue Cross experienced a cyberattack that compromised the financial, medical and personal data of 11 million customers, and all this happened only three weeks after a routine audit that revealed several problems with their network security. The main lesson to learn here is to take compliance regulations more seriously and consider them as a step toward stronger security, rather than a routine task that ends as soon as the door closes behind the auditors. Regular compliance validation is an opportunity to improve security and risk assessment processes as well as prove the adequacy of your internal policies. Because any vulnerability in the IT infrastructure may be exploited by sophisticated adversaries, immediately address security issues that are identified by the auditors, regularly review your internal regulations and update them according to changing threat patterns.
  3. Bank of Manhattan Mortgage Lending lesson. Despite increased attention to security, practice shows that many incidents are caused by human factors. No matter how advanced your security mechanisms are, they have little value against the negligence of just one employee who unintentionally discloses customer mortgage information, including personal and financial data, which was exactly what happened to Bank of Manhattan Mortgage Lending. Establishing a strict security policy is not enough; in a fast-moving cyber risk environment, you need to know exactly who touches sensitive data and why. Visibility across the entire IT infrastructure is not a nice-to-have; it is a need-to-have data integrity factor that provides the necessary level of control to stay proactive in identifying and eliminating critical security vulnerabilities.
