UK Finance industry cyber security professionals say many problems exist

Over 65% of UK Info Sec experts have admitted to cyber security problems within their finance organisations that would “shock the world”.

In a recent large survey of over 200 UK located Information Technology Security experts who are based in the financial services industry, this was a concern that was discovered. The report was commissioned by VMWARE the virtual OS and Cloud architecture company.

Against a rising amount of security threats within the niche the survey showed that IT security specialists are now losing the race to secure vital data, such is the pace of change in the industry and the development of hackers technology alongside this. Over 90% of survey participants stated that they had to make compromises that left other security areas exposed when protecting the companies technology against cyber threats, half of them said they do this regularly.

The finance industry is heavily evolving into a more and more digitised industry, and the main company focus is placed on the protection of visible front end technologies such as the businesses website, which is potentially leaving gaping holes within the internal networks and financial trading data.

This survey showed that while there is a very focused security effort aimed at ebanking and consumer applications, over 70% of participating professionsl said this is very often at a cost of not properly securing their other systems.

In response to this highlighted threat, the Europol head, Rob Wainwright went on record stating that the technical capability and resources of some cyber hacking groups in fact is a massive thread to crucial segments of the financial sector, and that the storage of customer and companies most sensitive critical data within financial systems makes them a very attractive and lucrative target for cyber criminals.

The survey report said that as a result of the findings, the financial institutions had to balance their high speed approach to digitising everything with rigid and thorough cyber security practices throughout the company.

The security experts in the survey said that a large lack of understanding the potential threats by management was a cause of frustration, with over 50% of them saying that they didn’t think their managers had any grasp of the complexity and sophistication of the cyber threats that they are facing.

25% of the finance cyber security pros said the impact of cyber crime is merely a cost of doing business in the digital age, and over 60% said that they could never get enough funding for critical and urgent cyber security projects and fixes. As a result of this 65% stated that the stress of their security role was very hard to deal with and this was getting worse.

The head of Vmware network security in the UK, Ian Jenkins, said that while chasing the digital rainbow, many financial companies are running an ever increasing risk of overreaching the capabilities of their already old tech security infrastructures.

Front line security experts already believe there are significant potential entry points waiting to be found by hackers, which should shock the management of these big money finanace organisations into giving more funding into such a vital area of the business.

The EU head of accelerate and advisory services at VMware, Richard Bennet said the old practices of compromise based security and ignoring cyber threats must end.

“a new method of securing digital assets, beginning with a security by design philosophy, is needed to let IT security professionals dynamically coped with the huge range of security threats that now exist”

“This starts with knowing that cyber security does not start and finish with the IT department, but is in fact a big challenge for the entire company, and it also requires adaptive networking, systems and apps, not as options but as must haves, becayse cyber security needs to be in a modern finance companies DNA”

A report in mid 2017 by Mcafee said that financial service based companies have developed ungainly and unfit for purpose security infrastructures, highlighted by a massive array of complex tools which delays response and reaction times and thereby reduces actual effectiveness.

The FCA is hot on the heels of UK financial institutions regading cyber security and will be introducing new rules in August 2018 that forces banks to disclose and publish the details of security breaches and incidents to bring to the front those ones with weak systems or practices and ideally force banks to be realistic and up to date about the threat of cyber hacking and breaches.