THE DATA THREAT: HOW FINANCE’S IT LEADERS CAN ENSURE ROBUSTLY SECURE WORKING IN TODAY’S MOBILE ERA

Neil Bramley, B2B Client Solutions Business Unit Director, Toshiba Northern Europe

In today’s professional climate, threats surrounding IT security and data protection are constantly growing in both frequency and magnitude; one only needs to think of the recent WannaCry ransomware cyber-attack, which spread across 150 countries globally, and is estimated to have cost the worldwide economy approximately £6bn. Such an ambitious and far-reaching attack perfectly demonstrates the increased intelligence and guile of today’s cyber criminals in their relentless pursuit of valuable company and employee data – as well as the inadequacies of many IT systems in protecting against such attacks.

A sector ripe for attack

Financial organisations,more than most, handle sensitive – and valuable – data,making the sector ripe for a focused attack. July’s hack on Italy’s largest bank, UniCredit, for example, put the data of up to 400,000 customers at risk – not only proving the sector’s susceptibility to cyber criminals, but also that its companies must take heed and prioritise their online security. The financial industry has been highlighted in a recent Ponemon Institute and IBM report a shaving amongst the highest per-record costs in data breaches out of 17 sectors surveyed, at $245 (£191) per record, and second only to healthcare at $318 (£249).

Alongside the increasing levels of business, commercial and personal data today’s banks and financial companies manage on a daily basis, the heightened risks associated with the growing popularity of mobile working must also be considered. It’s essential for staff at corporate banks, for example, to be able to work on the move, considering the numerous meetings likely to take place at various clients’ headquarters. Having access to their company’s files when out of the office is key to an employee remaining informed and prepared, and also provides the potential benefit – for employees and companies alike – of utilising travel time for work. Yet employees are often the weakest link in an IT security chain, and this increased preference for mobile and remote working only amplifies their vulnerability. They are more likely – however unwittingly – to act in unsecure ways, placing data at risk.

Companies in the financial industry must understand that security breaches and leaked data don’t only cost the organisation tremendously in terms of personal and business critical data being readily available online to those who may wish to do harm with the information. They will of course also suffer from potentially irreparable reputational damage, and can at the very least expect to be hit financially if customer confidence drops. Ponemon Institute and IBM report that the global average cost of a data breach for companies in 2017 is $3.62m(£2.83m),and this is before new directives such as next year’s General Data Protection Regulation come into play, which will impose strict financial penalties on organisations in violation of its terms.

Minimising the threat

The industry’s CIOs and IT leaders clearly have a challenging task ahead in ensuring that they are prepared to address the incalculable number of cyber threats circulating around the world’s IT networks each and every day. So how can such threats be minimised or, indeed, prevented?

 Firstly, while employees expect to have the ability to work productively wherever they are – for example at home, in a café or on a train –they need secure technology which allows them to do so. While business-built devices can offer a strong first security barrier– often being equipped with biometric tools such as fingerprint scanners – companies need to start considering solutions which shift sensitive data away from a set device entirely and centralise permissions and data access management. For example, mobile zero client solutions contain no locally installed operating system, HDD or SDD, and don’t allow any data to be hosted on the device – instead using it purely as a sophisticated mobile terminal. Both functionality and data is still, nonetheless, made available through a user’s existing Virtual Desktop Infrastructure solution. This eliminates the threat of malware being stored on the device and minimises the risk of data theft in the event the device is lost or stolen, ultimately removing the threat completely from the hands of employees.

Finance company leaders are undoubtedly placing both more trust in,and responsibility on,their CIOs and IT teams. Together with this added responsibility comes greater pressure for senior IT staff as companies begin to recognise the growing ramifications of a security breach.Since 2013, security spending has rocketed by 67 per cent, according to PwC’s Global State of Information Security Survey 2017, and by 11 per cent in the last year alone.With such large budget increases, security seems, therefore, to now be the number one priority within any IT strategy– as it must be when personally identifiable information plays a crucial role in day-to-day operations. Solutions such as mobile zero clients can and should play a central part in financial organisations achieving the vigorous protection necessary – without compromising on flexibility – in today’s professional landscape.

Neil Bramley, B2B Client Solutions Business Unit Director, Toshiba Northern Europe

In today’s professional climate, threats surrounding IT security and data protection are constantly growing in both frequency and magnitude; one only needs to think of the recent WannaCry ransomware cyber-attack, which spread across 150 countries globally, and is estimated to have cost the worldwide economy approximately £6bn. Such an ambitious and far-reaching attack perfectly demonstrates the increased intelligence and guile of today’s cyber criminals in their relentless pursuit of valuable company and employee data – as well as the inadequacies of many IT systems in protecting against such attacks.

A sector ripe for attack

Financial organisations,more than most, handle sensitive – and valuable – data,making the sector ripe for a focused attack. July’s hack on Italy’s largest bank, UniCredit, for example, put the data of up to 400,000 customers at risk – not only proving the sector’s susceptibility to cyber criminals, but also that its companies must take heed and prioritise their online security. The financial industry has been highlighted in a recent Ponemon Institute and IBM report a shaving amongst the highest per-record costs in data breaches out of 17 sectors surveyed, at $245 (£191) per record, and second only to healthcare at $318 (£249).

Alongside the increasing levels of business, commercial and personal data today’s banks and financial companies manage on a daily basis, the heightened risks associated with the growing popularity of mobile working must also be considered. It’s essential for staff at corporate banks, for example, to be able to work on the move, considering the numerous meetings likely to take place at various clients’ headquarters. Having access to their company’s files when out of the office is key to an employee remaining informed and prepared, and also provides the potential benefit – for employees and companies alike – of utilising travel time for work. Yet employees are often the weakest link in an IT security chain, and this increased preference for mobile and remote working only amplifies their vulnerability. They are more likely – however unwittingly – to act in unsecure ways, placing data at risk.

Companies in the financial industry must understand that security breaches and leaked data don’t only cost the organisation tremendously in terms of personal and business critical data being readily available online to those who may wish to do harm with the information. They will of course also suffer from potentially irreparable reputational damage, and can at the very least expect to be hit financially if customer confidence drops. Ponemon Institute and IBM report that the global average cost of a data breach for companies in 2017 is $3.62m(£2.83m),and this is before new directives such as next year’s General Data Protection Regulation come into play, which will impose strict financial penalties on organisations in violation of its terms.

Minimising the threat

The industry’s CIOs and IT leaders clearly have a challenging task ahead in ensuring that they are prepared to address the incalculable number of cyber threats circulating around the world’s IT networks each and every day. So how can such threats be minimised or, indeed, prevented?

 Firstly, while employees expect to have the ability to work productively wherever they are – for example at home, in a café or on a train –they need secure technology which allows them to do so. While business-built devices can offer a strong first security barrier– often being equipped with biometric tools such as fingerprint scanners – companies need to start considering solutions which shift sensitive data away from a set device entirely and centralise permissions and data access management. For example, mobile zero client solutions contain no locally installed operating system, HDD or SDD, and don’t allow any data to be hosted on the device – instead using it purely as a sophisticated mobile terminal. Both functionality and data is still, nonetheless, made available through a user’s existing Virtual Desktop Infrastructure solution. This eliminates the threat of malware being stored on the device and minimises the risk of data theft in the event the device is lost or stolen, ultimately removing the threat completely from the hands of employees.

Finance company leaders are undoubtedly placing both more trust in,and responsibility on,their CIOs and IT teams. Together with this added responsibility comes greater pressure for senior IT staff as companies begin to recognise the growing ramifications of a security breach.Since 2013, security spending has rocketed by 67 per cent, according to PwC’s Global State of Information Security Survey 2017, and by 11 per cent in the last year alone.With such large budget increases, security seems, therefore, to now be the number one priority within any IT strategy– as it must be when personally identifiable information plays a crucial role in day-to-day operations. Solutions such as mobile zero clients can and should play a central part in financial organisations achieving the vigorous protection necessary – without compromising on flexibility – in today’s professional landscape.