Sophos. Cybersecurity guide for finance and banking organizations
Cybersecurity has gained more importance in finance and banking for a few reasons. First, cyber threats are increasing in the volume and complexity. Second, the sector’s attack surface has grown thanks to digitization, the use of cloud apps, new fintech solutions, and other quality-of-life features for customers. As such, financial institutions now store large volumes of critically sensitive personally identifiable information (PII), corporate data, and financial information that must be carefully protected.
A 2022 Sophos survey of 444 IT professionals working in financial services revealed that 55% of organizations were hit by ransomware in 2021 – a 62% increase over the previous year. While 55% of organizations reported an increase in attack volume over the year before, 64% reported an increase in attack complexity and 55% reported an increase in the impact of attacks. Read the full report here.
Factors contributing to rising cybersecurity risks in finance and banking
Evolving attacker tactics, techniques, and procedures as well as increasing professionalism in the cybercrime industry are significant drivers behind the sector’s complex threat landscape today.
There are a few others:
- Third-party vendors supporting the vital day-to-day operations of banks and financial institutions require remote access to critical resources, systems, and data. This increases the risk of misuse of access privileges, leading to credential and data theft.
- Anytime, easy access to critical business data on employees’ smartphones, tablets, and laptops threatens the security of sensitive financial and customer data.
- On-boarding new technologies and applications on the network, such as mobile banking, instant payment technology, e-signatures, digital signage, and videos introduces vulnerabilities into the system.
- The sector faces strict data security requirements by regulations and standards such as ISO/IEC 27001, GLBA, GDPR, SOX, and PCI DSS due to the vast private and sensitive data it holds.
- Local, state, and national branch sites share large amounts of sensitive information every day and also require continuous remote access to centrally located corporate resources and applications.
- The cloud is integral to the successful day-to-day operations of banks and financial institutions. But it has become a major target for cybercriminals looking to exploit less established cybersecurity practices than in traditional on-premises environments.
Sophos can help
To learn about how Sophos secures finance and banking organizations, download our Cybersecurity Guide for Finance and Banking whitepaper.
Sophos can help address the most common cybersecurity challenges facing finance and banking organizations:
Sophos MDR is our fully-managed, 24/7 service delivered by experts who specialize in detecting and responding to sophisticated cyberattacks that technology solutions alone cannot prevent. As the world’s most trusted MDR provider, we have unparalleled depth and breadth of expertise when it comes to threats facing the finance sector.
Leveraging extensive cross-product and cross-platform telemetry, we can generate “community immunity,” applying learnings from defending one finance and banking organization to all other customers in the sector, elevating everyone’s defenses.
“The IT team has saved at least 40 hours a week that would otherwise have been spent on security operations tasks.”
AAVAS Financiers Limited
“Sophos MDR helped us keep up with the growing volume and sophistication of cyberthreats without ramping up our security operations team.”
Tourism Finance Corporation of India Limited
Sophos ZTNA eliminates vulnerable VPN clients, enabling you to offer secure and seamless access to resources for your remote workers defined by policies. It removes implicit trust in your environment’s applications, users, and devices, allowing segmented access to your systems and resources to just those who need it.
Sophos Secure Access Portfolio enables financial institutions to connect remote and branch sites, deliver critical cloud and SaaS applications, and share data and information. It includes Sophos ZTNA to support secure access to applications, Sophos SD-RED remote Ethernet devices to safely extend your network to branch offices and remote devices, Sophos Wireless access points for easy and secure wireless networking, and Sophos Switch for secure access on the LAN. Everything is managed through a single cloud-based security platform, Sophos Central.
For more information and to discuss your requirements, contact your Sophos representative or request a call-back from our security specialists.
Source: Sophos