Finserv Data Security: Key Concerns for Banks & Credit Unions
August 23, 2018
18 data security professionals address key concerns for banks and credit unions when it comes to securing sensitive information.
Banks and credit unions face the same data security concerns as any other business, plus a few additional worries given the highly sensitive nature of the data these organizations manage – not to mention the sheer volume of individuals who stand to be impacted should security measures fail.
The Equifax breach served as a barometer of sorts on the financial industry’s risk profile. This widespread data breach highlighted the need for a shift from a focus on risk mitigation within the institution itself to considering a broader risk profile and the need for more comprehensive security that reaches beyond the walls of the institution. Now, banks and credit unions are increasingly taking a closer look at the risks posed by third-party relationships and managing risks incurred as a result of necessary infrastructure upgrades, all while grappling with regulatory uncertainty and a more complex threat landscape as threats like ransomware continue to grow.
To learn more about the top data security concerns facing banks and credit unions today, we reached out to a panel of data security pros and asked them to answer this question:
“WHAT ARE THE TOP DATA SECURITY CONCERNS (OR MISTAKES / MISCONCEPTIONS) FOR BANKS AND CREDIT UNIONS?”
To find out what everyone said, read the article here.
James Doggett is the CISO and SVP North America of Panaseer. James previously served as the Chief Technology Risk Officer for AIG, the Chief Security Officer and Chief Technology Risk Officer for Kaiser Permanente, and was Managing Director of JP Morgan Chase, the division responsible for Security Services IT Risk.
“Contrary to popular belief, for most banks, the biggest data security concern is not someone stealing money…”
While banks certainly should continue to keep bad actors from absconding with the cash (physically or digitally), most security efforts go towards protecting the bank’s reputation and meeting regulatory requirements in reality. While the loss of actual money can be harmful to a bank, the impact of the inappropriate disclosure of customers’ personal information usually has far greater negative impacts in terms of loss of customer confidence or regulatory fines.
Similarly, the impact of a successful ransomware attack, while there is no direct loss of money, can have a massive financial impact on a financial institution in terms of loss of business. And how do banks best defend against reputational and regulatory losses? Banks need to focus on the basics of security (cyber hygiene) where most breaches occur. Yes, the latest technical exploit is important to defend against, but only after shoring up the basics of Enterprise Cyber Hygiene.