Data security certainly isn't a new concern for financial services firms. Security always ranks near the top of priorities for CIOs, CTOs, CSOs and CROs. The data security landscape, however, is changing at an accelerating pace, and the stakes are higher than ever before.
Since the beginning of 2011, there have been more than 598,000 personal financial records exposed to potential fraud in 58 separate incidents involving financial services companies, according to the Privacy Rights Clearinghouse. While the total number of incidents and exposed records is down substantially from the 12.3 million records that were exposed by 604 breaches in 2010, the complexity of the attacks and the amount of money that has been lost is staggering.
For instance, in one attack against Fidelity National Information Services, a global provider of banking and payments technologies, millions of dollars literally went missing overnight. A group of criminals obtained 22 legitimate ATM cards and then duplicated and altered them so an unlimited amount of cash could be withdrawn with each. The cards were promptly shipped overseas, and a total of $13 million was withdrawn over just 24 hours. This one incident highlights how damaging a data breach can be. In addition to the direct monetary loss, other costs — such as customer churn, reputation damage and regulatory fines — add to the costs.
Other incidents, while not leading to direct monetary losses, can be just as damaging. Nasdaq's Director Desk, a cloud-based system designed to facilitate boardroom-level communications for 10,000 senior executives and company directors, was hacked last year; the criminals may have had access to insider information, which they could have sold or used to make profitable stock trades.
[Check out the Top 9 Most Costly Financial Services Data Breaches.
While the types of data breaches are numerous, there is some good news: The average cost of data breaches has dropped by 24 percent, according to a study from the Ponemon Institute. This could partially be attributed to better security and an improved ability for firms to respond quickly to a breach. But, while the cost of a single breach might be on the decline, the rate of malicious attacks from malware, insider threats and phishing attacks increased by 31 percent, says the study.
Couple the growing complexity of attacks with users' demands for greater access to data, and technology executives have their hands full. Not only do firms have to protect data from traditional hacks and insider threats, they also have to protect data that is going outside of their own firewalls. Internal users, including traders, portfolio managers and business executives, as well as external customers increasingly are demanding mobile access to proprietary data on tablets and smartphones.
The demand for greater access to data will not slow any time soon — users increasingly will expect to be able to trade, transfer funds and do almost anything else they can do on a PC from their mobile device. Firms that can't offer mobile functionality because of security limitations will be at a serious disadvantage to competitors that can.
[To read more about How To Protect Wall Street Employees' Mobile Devices From Cyber Attacks, see related story.]Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio