Data Loss Prevention


Why Supply Chains Are Today’s Fastest Growing Cybersecurity Threat

Business ecosystems have expanded over the years owing to the many benefits of diverse, interconnected supply chains, prompting organizations to pursue close, collaborative relationships with their suppliers. However, organizations that expose their networks to their supply chain also increase their exposure to cyber threats, and it only takes one supplier with cybersecurity vulnerabilities to bring a business to its knees. For this reason, governments around the world have highlighted supply chains as an area for urgent attention in tackling cyber risk in the coming years.

Looking Beyond Your Own Perimeter

Over the last few years, many organizations have worked hard to improve their cyber defenses and are increasingly ‘harder targets’. However, for these well-defended organizations, now the greatest weaknesses in their defenses are their suppliers, who are typically less well defended but with whom they are highly interconnected.

At the same time, the cyber threat landscape has intensified. Events of the past year have meant that security professionals not only have to manage security in a remote working setup and ensure employees have good accessibility, but also have to handle a multitude of issues from a distance while defending a much broader attack surface. As a result, points of vulnerability have become even more numerous, providing an attractive space for bad actors to disrupt and extort enterprises. Threats have escalated, including phishing and new variants of known threats, such as ransomware and Distributed Denial of Service (DDoS) attacks, as well as increases in supply chain attacks.

But where supply chains are concerned, it is nearly impossible to effectively manage this risk unless you know the state of your suppliers’ defenses and continually ensure that they are comparable to your own. Organizations must deeply understand the cyber risks associated with the relationship and try to mitigate those risks to the degree possible.

However, that’s easier said than done. With the sending and receiving of information essential for the supply chain to function, the only option is to better identify and manage the risks presented. This requires organizations to overhaul existing risk monitoring programs, technology investments and also to prioritize cyber and data security governance.

Ensuring the Basics are in Place

At the very least organizations should ensure that both they and their suppliers have the basic controls in place such as Cyber Essentials, NIST and ISO 27001, coupled with good data management controls. They should thoroughly vet and continuously monitor supply chain partners. They need to understand what data partners will need access to and why, and ultimately what level of risk this poses. Likewise, they need to understand what controls suppliers have in place to safeguard data and protect against incoming and outgoing cyber threats. This needs to be monitored, logged, and regularly reviewed and a baseline of normal activities between the organization and the supplier should be established.

As well as effective processes, people play a key role in helping to minimize risk. Cybersecurity training should be given so that employees are aware of the dangers and know how to spot suspicious activity. They should be aware of data regulation requirements and understand what data can be shared with whom. And they should also know exactly what to do in the event of a breach, so a detailed incident response plan should be shared and regularly reviewed.

IT best practices should be applied to minimize these risks. IT used effectively can automatically protect sensitive data so that when employees inevitably make mistakes, technology is there to safeguard the organization.

Securely Transferring Information Between Suppliers

So how do organizations transfer information between suppliers securely and how do they ensure that only authorized suppliers receive sensitive data? Here data classification tools are critical to ensure that sensitive data is appropriately treated, stored, and disposed of during its lifetime in accordance with its importance to the organization. Appropriate classification, using visual labelling and metadata applied to emails and documents, protects the organization from the risk of sensitive data being exposed to unauthorized organizations further down the supply chain.

Likewise, data that isn’t properly encrypted in transit can be at risk of compromise, so using a secure and compliant mechanism for transferring data within the supply chain will significantly reduce risks. Managed File Transfer (MFT) software facilitates the automated sharing of data with suppliers. This secure channel provides a central platform for information exchanges and offers audit trails, user access controls, and other file transfer protections.

Layering Security Defenses

Organizations should also layer security defenses to neutralize any threats coming from a supplier. Due to its ubiquity, email is a particularly vulnerable channel and one that’s often exploited by cyber criminals posing as a trusted partner. Therefore, it is essential that organizations are adequately protected from incoming malware, embedded Advanced Persistent Threats, or any other threat that could pose a risk to the business.

And finally, organizations need to ensure that documents uploaded and downloaded from the web are thoroughly analyzed, even if they are coming from a trusted source. To do this effectively, they need a solution that can remove risks from email, web and endpoints, yet still allows the transfer of information to occur. Adaptive Data Loss Prevention (DLP) allows the flow of information to continue while removing threats, protecting critical data, and ensuring compliance. It doesn’t become a barrier to business or impose a heavy management burden. This is important because traditional DLP ‘stop and block’ approaches have often resulted in too many delays to legitimate business communications and high management overheads associated with false positives.

Cyber Criminal Attacks Set to Rise

Many of the recent well publicized attacks have been nation state orchestrated. Going forward this is going to turn into criminal syndicate attacks. Cyber criminals already have the ransomware capabilities and now all they need to do is tie this up with targeting the supply chain. Therefore, making sure you have the right technologies, policies and training programs in place should be a top priority for organizations in 2021.

If you are interested in finding out more about protecting your supply chain, download our Guide: “Managing Cybersecurity Risk in the Supply Chain.”


Additional Resources

On-Demand Webinar: Managing the Cybersecurity Supply Chain Risk in File Transfers

Public Sector Cybersecurity Priorities in 2021

2020 was a year of unprecedented challenge for anyone working in public sector cybersecurity. As well as juggling the usual trials and tribulations that come with working in cybersecurity, it was a year that brought a global pandemic. This meant that almost overnight, employees had to work from home and cybersecurity teams had to do everything in their power to ensure that systems and data remained safe and secure.

With no immediate end in sight to the on-going COVID-19 situation, it looks like homeworking and all the attendant cybersecurity threats that come with it will continue for some time. Even if the vaccines work and the world returns to a semblance of normality later in 2021, it looks like the pandemic has changed our working patterns for good – according to a survey by PricewaterhouseCoopers, 83 percent of workers want to work from home at least one day a week and 55 percent of employers anticipate most of their workers will do so long after the pandemic has passed.

What does this mean for cybersecurity in the public sector in 2021 and what can organizations do to improve their security posture?

Increase Cybersecurity Awareness and Best Practices

Clearswift launched research with UK public sector cybersecurity workers in May 2020. The Unknown Threat sought to highlight areas of vulnerability in the public sector and bring to light any areas of poor practices that cybersecurity teams might be unaware of. Although the UK public sector has made great advances in cybersecurity over the past four or five years, the findings in our research were concerning.

There was a widespread lack of awareness of cybersecurity, with almost half of respondents having either not heard of, or not knowing what ransomware is. Outdated operating systems are a common point of entry for cyber-criminals, and the research found that 11% of public sector employees were still using Windows 7 - this has not been supported by Microsoft since January 2020.

This all makes very clear the requirement for training and best practice guidance for employees. If an employee can at least recognise a malicious email, then they will be far less likely to click on a link or open a file or image containing ransomware. This need has only increased since the emergence of COVID-19, as a distributed workforce lacks the usual corporate cybersecurity defenses and is perhaps more distracted when juggling work with home-schooling.

Prioritize the Security of Data

Remote collaboration increases the risk that an organization’s data is not always shared securely. With employees sending and receiving sensitive information to each other or to third parties, files can be easily compromised unless protected by a secure solution.

Managed File Transfer (MFT) solutions automate the safe transfer of files, both inside and outside the organization. HelpSystems’ award-winning MFT solution uses encryption and authentication to keep sensitive data secure when sharing files. Without an enterprise solution in place, employees may revert to using software they are familiar with, such as DropBox, Google Drive and others, and while these are fine for personal use, they can’t assure the comprehensive protection a public sector organization needs to minimize data loss or cyber threats.

Combining MFT software with Clearswift’s ICAP Gateway creates an even more effective solution as files are automatically sanitized of embedded cyber threats such as ransomware and any unauthorized sensitive data is removed.

Manage Digital Transformation and the Move to Office 365

Digital transformation has been an objective in both the private and public sectors for a number of years now, and while there has been undoubted progress, there is mounting pressure for the public sector to go even further. This includes the digitalisation of many services and investment in modern systems that help people access government data online.

COVID-19 also served to accelerate many trends that were already gathering pace and momentum, and one such digital transformation trend is the move to Office 365. The effectiveness of this comprehensive collaboration suite is undeniable, with many public sector organizations already benefitting from its cloud-based capabilities. But in the rush for cost-effective deployments, are public sector organizations missing out on vital security, for email for example, because the level they’ve bought into does not provide adequate protection for sensitive data or against cyber-attacks?

Clearswift’s email security solution is used by many public sector organizations to close these gaps in security. Working in parallel with Office 365 deployments, it provides more robust and rounded protection from ransomware threats and sensitive data loss.

Building for 2021 and Beyond

It is going to be another tough year for cybersecurity teams, balancing the day-to-day security demands – made even harder by the on-going pandemic – with the need for digital transformation and adapting to the future.

Achieving both requires a combination of agility and forward-thinking. Increasingly this involves working in partnership with cybersecurity vendors who can provide and integrate best-in-class solutions. HelpSystems Data Security Tools help keep public sector organizations safe and secure from the ever-evolving challenges that face them.

Let us work with you to understand your cybersecurity goals, starting with an initial consultation to discuss your priorities and how we might help you achieve them.


Additional Resources

Report: New Research Uncovers the Cybersecurity State-of-play in UK Public Sector
Blog: Why do I Need a Managed File Transfer Solution?
Webinar: How to Enhance Data Loss Prevention in Office 365

10 Tips to Protect Your Company’s Data in 2021

The amount, complexity, and relevance of the data that companies handle has increased rapidly over the years. Today the data stored by organizations can contain information from buying and selling transactions, market analysis, ideas for future technological innovations, customer, or employee information (salaries, health information) and more.

As a consequence, confidential and sensitive information has become one of the most valuable assets of organizations and today, more than ever, it is necessary that it be protected throughout its life cycle without this altering the pace of the business.

In 2020, with the rise of remote work caused by the COVID-19 quarantine, many companies have been exposed more to security incidents and cases of hacks have continued to rise. With the new year just beginning, it's a good time to consider what you can do to ensure your company data is protected and your business is not the victim of a data breach.

When thinking about data security strategies in 2021, here are 10 tips to keep in mind:

1. Replace FTP Scripts

Many companies still exchange information with clients, partners, or other offices using scripts or custom-developed programs. However, it is not recommended to do so as these outdated methods are a threat to your organization’s security.

In regard to security, the first point to note is that the architecture of the FTP scripts used to send information is usually highly vulnerable. In addition, they do not offer enough control over the data, their traceability is lost, and they are not accepted by the main compliance regulations (PCI-DSS, SOX, and others).

We recommend that you stop using scripts and implement a Secure FTP solution that works with secure protocols that guarantee the confidentiality of the information, is centrally managed, allows you to have full control and traceability of data movements for audits and compliance with regulations, automates processes, and more.

Related Webinar: Replace FTP Scripts with a Managed File Transfer (MFT) Solution
Related Reading: Beyond FTP: Securing and Managing File Transfers

2. Encrypt Data in Transit and at Rest

Encryption helps the information that is stored and shared to keep its confidentiality (only accessible by those who must access it) and integrity (everything that is encrypted remains complete and unaltered). Furthermore, by encrypting your data, you ensure that even in the event of improper access, the information will not be readable. This is why encryption is essential to protect your data against cybersecurity threats, even more so because it must be used to comply with regulations or standards specific to each industry.

Although there are many encryption software options, even some free ones like Open PGP Studio, it is necessary to know the different options and choose the right one for your specific case. File transfer software can encrypt data in transit, and digital rights management solutions can control and revoke document access, no matter where the data is located.

Do you need personalized advice on encryption and data security? You can contact an expert to help you analyze your specific case.

3. Use Secure Collaboration Tools Between Employees, Customers, and Partners

On a daily basis, it’s often necessary to share information with business partners and between employees located in remote locations; this situation has additionally increased with the rise of remote work caused by the pandemic.

To protect information, it is key that your company uses secure collaboration tools that are agile to use and allow you to perform key tasks for daily operations, such as some of those offered by GoAnywhere MFT: 

Secure Folders: Allows employees to securely access corporate documents housed in folders on the company server.
Secure Forms: Used to create forms that serve as an interface to request and/or share information through legacy applications or databases.
GoDrive: Offers users cloud storage with strict security mechanisms to protect data and data traceability.
Secure Mail: Used to send messages and files by email, encrypted and without size limitations.

HelpSystems is a leader in managed file transfer with our GoAnywhere MFT and GlobalSCAPE EFT offerings.

4. Avoid Common Mistakes When Sending Large Files

Many organizations share large files that are critical to the business and only when transfers get stuck or are “undeliverable” do they realize they have a problem. Or, worse yet, employees keep using unsafe, generally free, methods and put off the inevitable.

This is a serious error because in those cases the information can be easily compromised as it usually travels without being encrypted, secure protocols are not used, and the organization loses traceability of the data. In addition, if the file does not reach its destination due to its large size, users do not usually receive notifications. And if they do receive them, they must rerun the process again manually, which entails a notable loss of time.

Our recommendation is to use a Managed File Transfer tool that offers a way to send large files safely, with automatic resumption in case of errors, notifications, traceability and audit reports. GoAnywhere MFT allows you to send large files encrypted using secure protocols and in an automated way.

Watch this video to find out how it works.

5. Identify Compromised Devices on the Internal Network

Hackers are becoming increasingly dangerous and the advancement of technology seems to be working in their favor. Nowadays any device with an Internet connection can potentially be hacked, from a personal smartphone to an MRI machine for institutional use. And thanks to that first step, attackers can breach your security infrastructure and access the corporate network to steal your information.

Unfortunately, in 2021 we have seen that cyber-attacks of this type have increased, with several multinational companies becoming victims of hacking. It is essential for your company to identify with certainty compromised devices in the internal network, but that alone is not enough. To properly protect your data, we recommend you have an advanced threat detection solution that inspects network traffic, such as Core Network Insight. To learn more about it, you can request a live, no-obligation demonstration by a cybersecurity expert, who will advise you on what you need to take into account in order not to be a victim of a data breach.

Request a live demo of Core Network Insight.

6. Inspect Your Data Content Using DLP Technology

Even if your company prioritizes access, user permissions, and encrypts the channels for sending information, you still need to prevent sensitive information (such as credit card data, personal data, etc.) from being incorrectly sent or received and stop files containing ransomware from being circulated in your company. To minimize these risks, Data Loss Prevention (DLP) technology can be applied over email, web, and file transfers to inspect incoming and outgoing content and automatically remove any unauthorized sensitive data or active code.

Unlike other DLP technologies that simply ‘stop and block’ content from being sent and received, HelpSystems’ Clearswift solution sanitizes the files (including any images and scanned documents) of any offending content before allowing them to continue on their way. This permits the flow of information to continue but protects the organization from potential data breach threats.

If you want to know more about this technology, we recommend you request a meeting with one of our Cybersecurity experts. Request a presentation of Clearswift's Data Loss Prevention solutions.

7. Classify Your Data to Protect It

A very common mistake in all data protection strategies is to treat all data the same way. Contrary to what may be believed, this complicates the processes and reduces their effectiveness. A salary listing is not the same as a marketing file or an annual sales estimate, so effective data management and protection begins with a good data classification. It must be known what types of data your company has, where it is hosted, and what level of criticality and business value it has to determine which ones should be protected, how to do it, and who should have access and control over them.

All of this is possible through a Data Classification solution. HelpSystems owns the two leading data classification solutions: Titus and Boldon James.

Request a meeting to learn more about them.

8. Create and Implement a Cybersecurity Program

If you do not have one in place yet, you should create and implement a cybersecurity program that will help you to not only protect your data, but any company assets that could be compromised by hackers.

A security program essentially establishes what must be done to understand particular assets (information and systems), what must be in place to take care of them, and how to act in case of an attack. It is very important that this program involves all the employees of the organization and is explained to them in a language that everyone can understand (beyond the technical details).

In addition to the specific recommendations that we have already made in the previous points, depending on the industry in which your company operates or the criticality of your information, it may be necessary to perform pen testing of your environment. A solution like Core Impact allows you to implement tactics similar to those used by hackers to test the security of the organization very easily.

If you want to know more about Core Impact, you can request a demo. Or watch the video: The Good, the Bad, and the Ugly of Penetration Testing

9. Try the Data Security Solutions You Want to Implement for Free

In times when budgets have been greatly shortened and resources diminished due to the pandemic, software purchases must be made meticulously. For this reason, we recommend that before deciding on data security software, you download a free trial version that allows you to learn how to use it and analyze whether it is the right one for you. You can also request a demo tailored to the needs of your company so that the software provider can help you analyze whether it offers the functionality you are looking for and meets your expectations.

All the HelpSystems data security solutions that we mention in this blog offer one of these options (or both) and our team of professionals speaks your language.

10. Trust in a Comprehensive Cybersecurity Provider

One of the best tips to improve the security of an organization is to use compatible solutions, whose functionalities integrate well with each other. This will avoid headaches for IT teams and ensure that they can be implemented without stopping the business.

The best way to ensure this is by trusting a comprehensive provider that can offer all the cybersecurity solutions you need according to your specific case.

The HelpSystems portfolio includes all the key areas mentioned in the previous points and is consistently incorporating more cybersecurity products.

Meet with a Cybersecurity Expert

Did any of the previous tips give you ideas on how to improve the security of your data in 2021? Dig deeper and get advice from a HelpSystems security expert.


How Data Classification Helps Organizations Maintain a Strong Data Security Posture

The rise of globally dispersed workforces and new work from home requirements are placing extraordinary pressure on every organization’s cybersecurity. And wherever there is upheaval, so cyber criminals thrive. Alongside the devastating health and economic impacts of the coronavirus pandemic, we have also seen an escalation in cyber-attacks. A recent CISO/CIO survey, looking at cybersecurity challenges in large financial services (FS) organizations, revealed that 45% of respondents have seen an increase in the number of cybersecurity attacks since the pandemic began, while almost two thirds had suffered a cyber-attack in the last 12 months.

Naturally, an increase in cyber-threats puts an organization at a heightened risk of a data breach, the average cost of which is also on the rise. Although it varies from year to year, latest reports suggest the average cost of a data breach has risen by 10% over a five-year period to $3.86M in 2020. Add in long-term reputational damage to your brand, and you have a good number of reasons why it’s important to ensure that data is appropriately handled, classified, and stored.

In response to the year’s unprecedented challenges, 92% of CISO/CIOs working in FS organizations increased their cybersecurity investment, 26% significantly so, with a focus on investing in secure file transfer (64%) and increased automation (50%) moving forward. This focus is especially important when you consider that users are operating away from the normal office environment, which further increases the risk of data being accidentally shared.

This is where employees play a vital role in ensuring the organization maintains a strong data security posture, and for this to be effective, regular awareness training is required. In our survey, 45% of CISO/CIOs had re-evaluated their cybersecurity training and policies to better reflect the increased levels of home working – a positive step and one that encourages employees to be security assets not liabilities during this difficult time.

To further protect employees and sensitive data, the onus is also on organizations to invest in technologies that help stop the inadvertent and accidental misuse of data. The foundations of a strong data security posture start with data classification tools that label emails, documents and files according to their sensitivity and importance to the organization. Not only does this indicate to the wider technology ecosystem which data security policies to apply, but it’s also a visible reminder to users, helping them understand and correctly handle the different types of data throughout their lifecycle.

Using data classification tools and best practices helps facilitate compliance with regulations such as GDPR, HIPAA, CCPA and more. They also extend the value and effectiveness of other information governance solutions working in the technology ecosystem – adding new levels of intelligence to data loss prevention and data archiving solutions. Data classification enhances the performance of these tools as they read the metadata applied during the classification process to determine how the data should be treated, handled, stored, and disposed of during its lifetime.

Recognizing the strategic value of data classification, HelpSystems added the two leading technology providers, Titus and Boldon James, to its data security portfolio. The solutions allow users to classify both their emails and documents according to their sensitivity, using both visual and metadata labels. Once labelled the data is controlled to ensure that emails, documents, and files are only sent to those who need to receive them, protecting sensitive data from accidental or malicious data loss.
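How a metadata label can drive a downstream delivery decision is sketched below. This is an added example, not Titus, Boldon James or Clearswift code: the header name `X-Classification`, the four sensitivity levels, the per-domain clearance table and the choice to treat unlabelled mail as the most sensitive level are all assumptions made for illustration, and the message is constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed sensitivity scale, least to most sensitive.
LEVELS = ["public", "internal", "confidential", "restricted"]

# Hypothetical header carrying the label; real products define their own metadata.
LABEL_HEADER = "X-Classification"

# Hypothetical policy: highest label each recipient domain is cleared to receive.
DOMAIN_CLEARANCE = {
    "example.com": "restricted",         # the organization itself
    "supplier.example": "confidential",  # a vetted supplier
}
DEFAULT_CLEARANCE = "public"             # any domain not listed above

# Constructed sample message.
SAMPLE = (
    "From: alice@example.com\n"
    "To: bob@supplier.example, carol@other.example\n"
    "Cc: dave@example.com\n"
    "Subject: Q3 pricing\n"
    "X-Classification: Confidential\n"
    "\n"
    "Draft pricing attached.\n"
)


def evaluate(raw_message: str) -> dict:
    """Split recipients into those cleared for the message's label and those who are not."""
    msg = message_from_string(raw_message)
    label = (msg.get(LABEL_HEADER) or "").strip().lower()
    labelled = label in LEVELS
    if not labelled:
        # Assumption: fail closed, so missing or unknown labels count as most sensitive.
        label = LEVELS[-1]

    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    allowed, withheld = [], []
    for _name, addr in recipients:
        domain = addr.rpartition("@")[2].lower()
        clearance = DOMAIN_CLEARANCE.get(domain, DEFAULT_CLEARANCE)
        if LEVELS.index(clearance) >= LEVELS.index(label):
            allowed.append(addr)
        else:
            withheld.append(addr)
    return {"label": label, "labelled": labelled,
            "allowed": allowed, "withheld": withheld}


if __name__ == "__main__":
    print(evaluate(SAMPLE))
```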

With remote working likely to remain in place for some time, making sure employees have the knowledge and technology tools in place to minimize the risk of a data breach is more important than ever. Data classification is a core tenet of any good data security plan and now customers can work with one vendor to ensure that their data and employees are well protected.

Clearswift customers looking to implement a data classification project should reach out to their account manager. They’ll work with you to understand your data classification requirements and provide you with user-driven or automated tools to fit your business needs.


Additional Resources

CISO/CIO Market Survey Report: Cybersecurity Challenges in Financial Services
Data Security Solutions from HelpSystems
Titus
Boldon James

How to Prevent Data Exfiltration

What is Data Exfiltration?

Today, data is a valuable commodity. It has value to the organizations who own it and to those looking to exploit it through illegal activity. Data can be sensitive information about customers and employees, financial or strategic information, product designs or intellectual property, or any data that could undermine an organization’s market competitiveness. When this data is purposefully leaked from the organization without permission, it is known as data exfiltration and when it is lost, the organization suffers a data breach.

Why does Data Exfiltration Occur?

The primary objective for stealing data from organizations is usually monetary gain. Cyber-criminals or malicious insiders exfiltrate data so that they can either ransom it back to the organization or sell it for profit on the dark web. The average cost of a ransomware attack has increased steadily over the years, but significantly so in the last quarter of 2019 where it rose to over $84K, suggesting that ransomware is a growing business. It is also getting more sophisticated. New evolutions of ransomware, such as DoppelPaymer, are designed to not only exfiltrate data but to also make it publicly available if organizations fail to pay. 

Data Exfiltration over Email

With over 300 billion emails sent and received each day, email is an obvious vector for data exfiltration. With so much traffic, it can be difficult for organizations to distinguish between what is a legitimate communication and what is a data exfiltration threat.

Threats can come from the inside, where an employee with access to systems and databases can send out sensitive or valuable data at the click of a button, or from an external source, via a spear phishing or malware attack. Spear-phishing emails are cleverly targeted and crafted to look like they come from someone known to the recipient, such as a fellow employee, customer, or supplier. They encourage the recipient to share sensitive data or to open an attachment that releases malware into the network. While employee training is key in recognising these incoming threats, it’s ultimately technology that can prevent them from succeeding.

Data Exfiltration via Removable Media

If access is not controlled, organizations risk data being uploaded to removable media devices such as USBs, external drives, or mobile phones. A data exfiltration study by McAfee revealed that 40% of data exfiltration activities involved physical media, such as stealing laptops or downloading to a USB drive. These statistics highlight the need for access controls and appropriate read/write permissions on endpoint devices.

Data Loss in the Cloud

File sharing tools such as Google Drive and DropBox are popular because they offer both convenience and flexibility when it comes to moving data. However, they also bring risk. Without controlling what information can be saved or downloaded from the cloud, organizations increase the risk of a data breach or a cyber-attack. Without controls in place, a person with access is free to download, save, and print any of the data stored in the cloud.

Data Hidden within Images

Those looking to exfiltrate data can exploit techniques such as steganography and hide the data in plain sight. Digital steganography is the practice of encoding or embedding sensitive data inside image files (JPEGs, BMPs, GIFs, etc.) such that, to the naked eye, there is no visible difference. Without technology in place to detect this, a standard image hiding several thousand customer contact details can easily be emailed out of the organization or uploaded to a website.

Solutions to Prevent Data Exfiltration

To mitigate the threat of data exfiltration, organizations deploy data loss prevention software tools at key egress points – email, web (cloud), and the endpoint. The security software provides visibility of the data being shared (who is sending what to whom) and allows controls to be put in place that prevent sensitive data from leaving the organization and malware from getting in.

Clearswift’s adaptive DLP technology scans content for sensitive or hidden data and potential cyber-threats, and automatically removes, deletes, or sanitizes the files before they are opened or shared. This automated process occurs in real time, significantly reducing the risk of data exfiltration attempts succeeding.

As well as the automated removal of sensitive data from messages and everyday files such as Word documents or Excel files, the Clearswift solution also removes sensitive data from image-based files using Optical Character Recognition technology. An anti-steganography feature also ensures that images are wiped clean of any hidden data they may contain.

Find Out More

For more information on how to protect your organization from data exfiltration threats, read some of the additional resources below. To see Clearswift’s DLP solution in action, ask for a demo from the team.

Additional Resources

Blog: How to Neutralize the Rising Threat of Ransomware
Blog: Defending Against Doppelpaymer
Solution: Adaptive Data Loss Prevention
Solution: Anti-Steganography – Combatting Data Loss in Images

62% of Financial Services Firms in the UK have Suffered a Cyber-attack in the Last 12 Months

Financial Services (FS) is a sector facing unprecedented cybersecurity challenges. 62% of FS firms in the UK have suffered a cyber security attack in the last 12 months, while 40% have noticed more cybersecurity incidents since the increase in home working.

Our recent survey of 250 FS CISOs and CIOs reveals a difficult situation for FS firms. They need to keep the business secure in the face of increasing cyber-attacks, but they also need to have an eye on the future. It’s a balancing act that would be tough at the best of times, but now has to take place against the backdrop of a global pandemic. One of the seemingly tangential effects of Covid-19 has been the impact on cybersecurity. 

More than half of UK FS firms have already increased investment in secure collaboration tools and 56% say that securing the remote workforce has become a main cybersecurity objective. More than one-third say that Covid-19 has accelerated changes that were already in discussion, such as a move to Office 365, and it’s clear that managing a distributed workforce is going to be a major consideration for FS firms in the immediate and longer-term future.

When asked what had the potential to cause the most damage in their organization, UK CISOs cited cybersecurity weakness in the supply chain (60%), the insider threat – malicious or accidental (46%) and hackers gaining access to core systems (42%). Cybersecurity weakness in the supply chain was the main global challenge identified by our respondents. There are countless examples of cyber-attacks where this weakness was exploited, highlighting just how hard it can be to keep an organization secure in our interconnected world.

There is no magic wand for FS firms as they look to maintain security measures in the here and now, while also addressing longer term digital transformation goals. The latter was mentioned as the number one challenge for FS both now and in three years’ time.

According to CISOs, data visibility is the biggest cybersecurity weakness in FS organizations today. Therefore, it is vital that FS firms understand what data they have, where it resides and how it travels. Having the right technology and processes in place keeps data secure and makes it easier to meet regulatory challenges. Firms must also continue to educate employees, so they are aware of how to handle data in accordance with compliance regulations and how to spot potential cyber threats.

For more information on our global findings, download a copy of the report here.

Here at HelpSystems we work with customers to help keep their data safe, secure, and compliant. Our data security solutions facilitate the proper handling of sensitive or valuable data, allowing our customers to achieve and maintain compliance through the management and control of data at rest, in use and in motion.

For more information, contact the UK sales team.

Related Resources

Press Release: Almost Two-thirds of Financial Service Firms Have Suffered a Cyber-attack in the Last 12 Months

Infographic: Cybersecurity Challenges in Financial Services

On-demand Webinar: Shaping Cybersecurity Resilience in Financial Services