Follow on Google News News By Tag Industry News News By Place Country(s) Industry News
Follow on Google News | Big Data Security for Finance SectorBy: RoundWorld Solutions As the release of the so-called Panama Papers recently demonstrated, financial institutions are top targets for those seeking to leak or otherwise compromise sensitive data, be it for politically- But for banks and other financial firms, safeguarding financial data from security breaches is as complex an endeavor as it is crucial. The data itself is highly diverse, ranging from customer financials & account information to cardholder data, transactions and non-public personal information. Banking and financial institutions also need to secure the storage, transit & use of this sensitive data across business applications, including online banking and electronic communications. Although these large, consolidated datasets can provide enormous strategic & competitive value for CFOs looking to enter into new markets or offer new financial products, they also provide a tempting target for cyber criminals. Financial institutions must continually balance their need to secure this data to ensure minimum risk while also maximizing return -- a reality that highlights the need for CFOs, and not just CTOs, to take an interest in the protection of Big Data. Complicating matters is the nature of the typical finance IT environment, which mixes new and legacy systems and applications across vast networks of branch offices, call centers & web portals. The increasingly global nature of the financial services industry makes it necessary to comprehensively address international data security and privacy regulations. At the application level, for instance, firms in the finance sector must contend with the weakest link in the security chain: Users & their devices. In a 2012 attack dubbed "Eurograbber," Service level attacks on financial firms often come in the form of a so-called "drive-by download attack," in which a hacker, posing as a bank's customer service representative, sends an email or otherwise tricks a customer into visiting a website that has been compromised & designed to look identical or very similar to legitimate banking websites. The user's computer is then infected with unwanted -- and invisible -- software that exploits exposed security flaws in the user's web browser and operating system. Once the hacker gains control of the user's computer and turns it into a zombie or 'bot, the hacker then has access to all manner of personal or financial information. The recently discovered Metel crimeware package provides some insight into the growing level of threat to banks and other financial firms at the transactional level. Metel hackers usually infect banking systems from within by exploiting vulnerabilities in web browsers or by tricking employees into execute malicious files attached to spear-phishing emails. The criminals then burrow further into the network by using legitimate security & administrative software to compromise other PCs and ultimately try to gain control over PCs used by call center operators or IT support, which typically have access to money transactions and sensitive data. These types of attacks are a threat to both data security and a firm's bottom line. One of Metel's most powerful components allowed criminals to withdraw nearly unlimited sums of money from ATMs belonging to another bank and then repeatedly resetting their card balances & bypassing the threshold that would normally freeze the card. From an infrastructure standpoint, the growing threat associated with rootkits and other malicious infiltrations of code means that financial institutions must consider security from the level of the file system to the database and beyond, while still allowing for common policy control & management infrastructure of both data-in-use and data-at-rest.. A robust and yet efficient system for safeguarding data requires that a bank or firm's big-data initiatives -- as well as traditional data centers, virtual environments, or cloud infrastructure -- is supported by common policy control and agents to ensure there are no gaps in security or Achilles' heels in terms of data protection. As the software platforms supporting Big Data move to mainstream use within the finance sector, managing data security -- while also maintaining access to the data where needed -- requires continuous diagnostics and monitoring. The customizable, template-driven RoundWorld Big Data 360-degree tool can provide a top-level down look at systems & practices while also taking into account critical banking and financial services compliance requirements. Our expertise in building robust security practices translates to real, practical solutions for each area within your security scaffolding, from customizing our template-driven checklist to ensure that customers are educated about how to prevent security breaches to preventing the kind of breaches at a service level that can hurt both a financial institution's bottom line and its public trust. RoundWorld can also equip your firm with systems and approaches that maintain compliance and other privacy requirements while also protecting customers' sensitive personal and financial data. This article was provided by: Tiffany Fox Public Information Officer RoundWorld Solutions http://roundworldsolutions.com For more information on ICCG (http://iccgusa.com) or our CXO Interview Panel, please contact: End
Account Email Address Account Phone Number Disclaimer Report Abuse
|
|