Count on your tech

Digital transformation is one of those inescapable terms following the technology industry around for the last few years. It refers to the process of utilising new and emerging technologies in order to solve problems and improve the business function. It has, however, made businesses of all natures vulnerable to cyber attacks, and the end-of-year security reports seem to suggest that risks are only going to intensify with time: attacks increased by 11 per cent as compared to 2018 and by 67 per cent since 2014.

In 2019, financial institutions had the highest number of sensitive documents and files exposed, with a staggering average of 352,771. The second highest, healthcare and pharma, had an average of 113,491. This is reflective of the changing nature of the threat landscape: cyber criminals have become increasingly more organised and more targeted, operating much like the businesses they target.

Like any business, they pursue profit, and the world’s financial institutions are the most financially viable targets. The threat landscape is not all that is changing.

Regulators, moving to uphold GDPR, Californian equivalent CCPA, and others also have a part to play. In responding to these cyber threats and legislative changes, the need to remain competitive in a fast-changing market is greater than ever. This means that organisations operating in the financial space need to devise detailed and comprehensive security strategies, which must both suit the needs of the business and address the risks, without compromising on business objectives.

And while it is important for organisations to ensure that their entry points are guarded and that there are tools in place to detect and alert security teams of ongoing threats, many organisations fail at one of the basic principles of cyber security: visibility.

Knowing what needs to be protected is the prerequisite of any subsequent security effort: all assets need to be profiled and inventoried. Software, in particular, presents a logistical challenge, as organisations need to not only keep track of what applications they are using, but also whether these are used in a way that is secure and compliant with software standards.

In the financial space, applications often run every facet of operations and are mission critical to the business. Monitoring all of them on a continuous basis, ensuring that all new vulnerabilities are patched according to the risk they pose, and implementing a comprehensive software asset management strategy can bear a weight on your resources.

Fortunately, automation can offer IT security functions a great strategic advantage, as tools are available to both monitor and optimise software licensing and to track changes that may compromise security.

Dearbhail Kirwan is a senior security consultant and team lead at edgescan.