The Biggest Weakness of the UK Finance Sector is Cybersecurity

By Darren Guccione, CEO & Co-founder of Keeper Security

Over recent months, the UK finance sector has been sorely affected by the consequences of Brexit, with cross-European institutions and much of the City of London’s share-trading work now moved to European capitals and future development jeopardised. Work to shore-up business and ensure continuity has occupied the majority of finance chiefs’ mind-share over recent months, and seems set to continue for some time.

Alongside this, Covid-19 has forced an enormous acceleration in digital transformation. Organisations report exponential change. Systems and data within finance – explicitly designed to prevent external access when they were established, needed to be opened up and new ways of working introduced.

This double crisis – Covid and Brexit – has reduced the attention afforded by the finance industry to cybersecurity, it seems, and internet-based criminals smell blood in the water.

New research says seven out of ten financial businesses admitted they’d suffered a cyberattack over the previous 12 months. And nearly three in five of these attacks detected by UK finance firms were made easier because of the remote-working conditions created by the Covid-19 pandemic. There is also anxiety over the use of personal devices to conduct work operations, in some cases a necessary consequence of remote working during the pandemic.

Continual fire-fighting around Covid and Brexit has also led a large number of businesses to stop planning for cybersecurity emergencies – or not start that planning to begin with. A worrying half of finance leaders in the UK do not have what even they consider an ‘adequate’ cyber-incident response plan in place.

Small steps can also be giant leaps

But remote working is not inevitably insecure. Security can always be tightened through the right practices, tools and policies.

Rapid progress towards a more secure business can be made by picking the low-hanging fruit. Overwhelmingly, passwords are a point of weakness that can be made stronger with simple, yet effective changes. The vast majority of data breaches are caused by successful password attacks. And I suspect we all know why.

Typical professional workers need to be able to produce around 85 passwords or more on a regular basis, between their work and home accounts. No normal person can remember even a fraction of that number and, if they have memorised more than a few, it’s because they’ve developed some sort of “special system” – whereby all their passwords are strikingly similar. Otherwise, they’re engineered for human frailty. If you ask most people to produce a password including 8 alphabetical characters, 4 numerals and a special character, the typical response will be ‘password1234!’.

An enterprise-ready password manager is easily deployed, is simpler for users than remembering passwords, and is relatively inexpensive in relation to its impact. Good solutions generate passwords with high entropy, using technology that requires neither the user, nor the provider, to remember the password. Coupled with other relatively simple measures, often built into leading operating systems, the most common malicious routes to accessing sensitive information can be closed down.

The last year has created considerable changes to working life, and security has not always been front of mind. Twelve months on, this needs to be urgently addressed and the UK finance industry needs to be especially cautious, given the attractiveness to cyber criminals of the wealth of data it possesses.

A reliable security infrastructure is more crucial than ever as UK financial service providers battle for business outside the EU’s single market in the wake of Brexit.

Without rigorous security in place, finance firms are putting their operations and potentially, client information at risk. A single successful cyberattack is enough to destroy the reputation of an entire business. As we continue to navigate the work landscape of 2021, financial companies should act now to invest further in cybersecurity strategies and technology before it’s too late.