Financial institutions play a principal role in any country’s economic growth. And as far as the level of their influence is concerned, their crucial role in everyone’s life can never be undermined. Consequently, data security becomes a primary concern for such financial players and without a doubt, any cybersecurity incident can dangerously expose the crucial information of millions of their customers and sabotage their repute massively.
Security Incidents Rose By 1000% in 2018
Recently, a major tax and consulting firm called RSM made a Freedom of Information request to the Financial Conduct Authority in the United Kingdom in order to gain some important insights related to cyber-attacks and hacking incidents in the UK's financial sector.
According to the details disclosed by the officials in response, there has been a steep upsurge in the number of cybersecurity-related incidents caused due to hacking attacks or other issues reported by the financial institutions across the country.
The response to the Freedom of Information request revealed that in comparison to the number of incidents reported in 2017, the security-related incidents rose by around 1000% in 2018.
The financial organizations had reported nearly 69 incidents in 2017, and the number skyrocketed to 819 in 2018. Surprisingly, out of all these information security incidents, around 60% were reported by the nation’s major consumer banks.
Cybersecurity experts are assuming that presumably this rise has been driven by the execution of the EU’s General Data Protection Regulation (GDPR), wherein institutions are obliged to report any such security incident upon detection. But, as per the reports of RSM, it was unveiled that despite GDPR and other drivers, the number of cyber attacks on the industry, in general, is on a consistent rise.
The firm’s cyber-security specialist, Steven Snaith, revealed that huge volumes of personal and financial data of customers are held by the web-enabled systems and cybercriminals are on a constant lookout for such sensitive data. This makes the financial services sector even more vulnerable on the cybersecurity front.
Another problem that is generally encountered is that there are lots of freely available cyber-attack tools and other sources online that literally could result in sourcing these attacks.
Meanwhile, there is absolutely no legislation that makes developing or possessing these tools illegal and this is why the problem is being exacerbated on a huge scale. One of the major observations over the years has resulted in the outcome that most of the cyber-attacks of one form or the other have taken place due to issues with equipment and software, problematic attempts of switching from one system to another and faulty services by the third-party.
There have been a number of other causes such as hardware and software issues, ransomware, phishing, compromise of credentials, human error, failure in IT management and process/control failure. However, hardware and software issues, change management and third-party failures continue to top the list of root causes behind these attacks in 2018 and even in the first quarter of 2019.
It has also been found that about one-third of the firms do not perform regular cyber-assessments due to which it becomes a challenge to maintain a safe picture of internet security. Also, around half of the firms do not upgrade to new IT systems in time. Infrastructure also plays a very important role in determining how the cyber-security issues are handled. It’s a frequent observation that only the largest firms are able to detect potential cyber attacks due to the presence of automated detection systems while smaller firms generally rely on old school, manual processes or absolutely no processes at all.
Despite a constant threat, most of the firms in the UK and around the world are under-prepared for data breaches. Most of them still feel they are not on the radar and sooner or later, this needs to change. And, as far as the financial institutions are concerned, they need to understand the seriousness of the situation and bolster their systems and adopt the best cybersecurity practices in order minimize the occurrence of such security incidents.