How Finance Firms Can Reduce Data Security Risk


IT outsourcing and managed services specialist, Advanced 365, offers its top tips on defending against new cyber threats

Financial services firms will need to adopt more widespread use of emerging technologies to neutralise the threat of damaging security attacks. This is the advice from leading managed service provider, Advanced 365.

The ongoing rise of cybercrime is directly impacting the financial services industry. A survey of senior financial executives, conducted by McKinsey, has revealed that almost two-thirds (60 percent) believe the pace of security attacks will increase more quickly than the ability of their organisation to defend themselves.

BURNING MONEYNeil Cross, managing director of Advanced 365, says: “Many organisations have left themselves vulnerable due to historically perceiving data security as a cost with little benefit, as opposed to a strategic driver of the business. With attacks becoming more sophisticated, there is considerable need for financial institutions to embrace emerging technologies to maintain the trust of their customers and remain compliant.”

Below, Cross outlines seven tips which financial services organisations should consider to tighten their security policies.

1. Bring Your Own Identity

By 2020, banks will adopt a ‘Bring Your Own’ identity approach by using biometric verification technology to reduce fraud. A growing number of consumers would be prepared to make payments via biometric scanning, such as retina or fingerprint scans, in addition to paying for goods and services using voice authentication.

2. Look into mobile virtualisation

Mobile devices are prime hacker targets due to holding diverse sets of data containing often lax security controls. Mobile virtualisation enables multiple operating systems to run simultaneously on a smartphone. By ensuring sensitive personal and corporate data is isolated the technology can protect end users from threats, without them having to compromise on privacy and choice.

3. Implement tokenisation

The Visa Token Service (VTS), launched by Visa in September 2014, replaces sensitive credit card information. The ‘tokens’ are a unique series of numbers that can be used to make payments without exposing actual financial information. To date over 500 financial institutions have implemented VTS and tokenisation is set to expand to mobile devices.

4. Leverage real-time analytics

By analysing accounts, users or other entities, and looking for inconsistent transactions against those profiles, big data could identify known patterns of security violations. The use of real-time analytics across multiple data sets – both structured and unstructured – could increase operational efficiency and facilitate faster time-to-remediation when investigating possible fraud.

5. Use cognitive computing

Security professionals are often in the dark about whether their business systems have been breached, and when. Cognitive computing, which combines computer science and data analytics, could provide the answer. Cognitive computing can rapidly sift through huge volumes of data generated by network hardware and information systems to identify security incidents that humans often miss.

6. Use forensics software to monitor criminal activity

Advanced forensics is evolving from simply analysing a security breach after the event to being able to profile hackers and their attack methods. The technology can be used to help build bio data patterns of criminal and malware activity to help firms remain agile and stay one step ahead.

7. Invest in quantum cryptography

Emerging quantum cryptography technology may eventually replace encryption as the most secure communication method. By using photons of light to physically transfer data in secret between two entities, known as encryption keys, quantum cryptography generates random numbers which cannot be cloned by hackers.

Cross adds: “The biggest challenge for financial services firms is to identify a starting point to assess the maturity of their security strategies. Having established the nature of the risks, the organisation should then undertake a complete systems, process and staff audit to identify areas of weakness within each scenario.”

How much do you know about the world’s biggest tech failures? Take our quiz!