Despite 96% of U.S. financial-services organizations considering their technology security as adequate, 62% of those responding to a Thales survey said they experienced a breach. That’s according to the recently released 2019 Thales Data Threat Report.
Commissioned by Thales, the survey of 1,200 information technology and data security professionals and the ensuing report was conducted by research firm International Data Corp. Many U.S. financial services organization have strict data-security and similar requirements to contend with, but their breach rate outpaces other industries. Retail, at 42%, was the next highest among those ever experiencing a breach.
Many respondents—44%—consider their organization vulnerable or very vulnerable to security threats. It’s not an easy issue to contend with. A couple major complications are that criminals constantly shift their tactics and there are so many types of potential perpetrators, ranging from cyberterrorists, nation states, and criminals to employees and third-party vendors.
But in-house complexity also bedevils financial-services organizations. Eighty-five percent have two or more infrastructure-as-a-service platforms. A full 93% have 10 or more software-as-a-service environments they manage and 49% have more than 50 such environments. “These complex hybrid cloud environments cause issues,” the report says. “Data was more secure when you had a single environment to protect. Now managing multiple cloud instances introduces challenges for financial-services IT departments.”
One contributor to this complexity is that data-security vendors have their own unique solutions, says Charles Goldberg, Thales vice president of product marketing for cloud protection and licensing.
“The issues around complexity stem from the fact that every enterprise software vendor and cloud provider offers their own native solution for data security (not to mention a varied collection of key-management solutions that are often deployed in tandem). It is a lot to train, maintain, and operate,” Goldberg says via email. “The challenges with complexity fade very quickly when an organization invests in a data-security platform that centralizes their key management and delivers consistent data-security policies across all their data sources and environments.”
The IDC analysts suggest a similar approach. “[Chief financial officers] are questioning the [return-on-investment] of security spending and security professionals are going to need to identify solutions that let them address multiple layers of security concerns in a cost-effective manner,” the report says. “‘As-a-service’ and ‘platform’ solutions that cross environments can help eliminate much of this complexity and cost, making the job much more manageable.”