Financial organisations are putting themselves at risk of cyberthreats due to a lack of proper security controls, a new report has claimed.
Research from Netwrix found that such firms tend to use insufficient cybersecurity controls, making them more vulnerable to cybersecurity threats compared to other businesses.
In its 2020 Data Risk & Security Report, Netwrix says financial organisations usually make two major mistakes: their IT teams grant employees direct access to sensitive data based solely on the user’s request; and they’re mostly overloaded with addressing data subject access requests (DSAR).
Consequently, a third of financial organisations found sensitive data where it shouldn’t have been, in the last year alone. Furthermore, almost three quarters (70 per cent) of unauthorised data sharing incidents have led to data compromise. Finally, almost half (44 per cent) CISOs and CIOs in financial organisations don’t have or don’t know whether they have KPIs to report on IT security and cyber risk.
“As Covid-19 pandemic accelerates the rise of digital payments, financial organisations are generating more and more data, which makes the sector a tempting target for cybercriminals,” says Ilia Sotnikov, VP of Product Management at Netwrix.
“Poor access management practices and lack of control over sensitive data make the sector vulnerable to these increasing threats. Organisations need to mitigate security risks by deploying technologies that enable them to regularly review and correct access permissions as well as to automatically discover their sensitive data enterprise-wide regardless of where it is located, and to move it to a secured storage. This will help them enhance their security posture despite an increasing workload and decreased resources.”
Netwrix’s full report can be found on this link.