Credit: ID 164673298 © Denisismagilov | Dreamstime.com
Ensuring top-level enterprise security has never been more important for the financial services (FS) industry. According to the Office of the Australian Information Commissioner’s (OAIC) most recent Notifiable Data Breaches (NDB) Statistics Report (1 April – 30 June 2019), the finance sector reported the second highest notifications during that period. In addition, of all the data breach notifications received, 42 per cent involved financial details, indicating how valuable a successful breach of an FS organisation is to an attacker.
The push for better endpoint security
For IT teams, managing the different endpoints to reduce these breaches can be a difficult task when you consider the number of devices – including PCs, laptops, tablets and/or smartphones one individual has – let alone an entire organisation. Without the right infrastructure in place that allows for full network visibility, breaches can go undetected for extended periods of time, which ultimately gives the attacker freedom to snoop around the organisation’s network.
In addition to the significant number of endpoints in FS organisations, the nature and method of attacks are increasing, with hackers becoming more innovative and sophisticated in their approach. While firewall protection used to be enough to secure an enterprise’s network, the landscape has changed and now requires a much more comprehensive and integrated strategy.
So, what does this mean? In order to address the changing threat landscape, organisations need to change their thinking and capabilities when it comes to endpoint security. Traditionally, security teams would become actively engaged and investigate once an endpoint had been compromised, and would focus at that point on dealing with the effects of a breach. This mindset must shift to consider what the attacker is currently doing, how they’re doing it and what they might do next, meaning organisations need to better prepare and defend.
Enabling your IT team
Breach detection and management are undoubtedly important, however organisations must become more proactive, anticipating and thwarting attacks before they occur and quickly addressing vulnerabilities and active breaches, to stop any damage from occurring.
By implementing infrastructure that allows for increased network visibility and detection of breaches, security teams will be more alert to “breach signals” including lateral movement through systems, malware installation and data exfiltration.
Increase compliance with optimised security
Organisational cybersecurity and the correct management of data is under the microscope now more than ever before. This is seen through Australia’s NDB scheme, whereby organisations receive harsh penalties for not adequately reporting data breaches or protecting customer data. With that in mind, the implementation of the right security infrastructure is critical to FS organisations in ensuring they don’t end up in the headlines for all the wrong reasons.
With FS institutions increasingly becoming the target for complex and innovative attacks, it’s more important than ever that security strategies include endpoint protection and evolve to meet these threats. Ensuring teams are well-equipped with the right tools to detect and address active breaches is key to reducing the overwhelming presence of the FS sector in the next OAIC report and better protecting enterprise and customer data.