09:35 AM
Greg MacSweeney
Greg MacSweeney
Connect Directly

Mobile: Data Security's New Frontier

As clients increasingly expect to be able to trade, transfer funds and do almost anything else they can do on a PC from their mobile devices, Wall Street technology executives must figure out how to protect data outside the enterprise.

Data security certainly isn't a new concern for financial services firms. Security always ranks near the top of priorities for CIOs, CTOs, CSOs and CROs. The data security landscape, however, is changing at an accelerating pace, and the stakes are higher than ever before.

Since the beginning of 2011, there have been more than 598,000 personal financial records exposed to potential fraud in 58 separate incidents involving financial services companies, according to the Privacy Rights Clearinghouse. While the total number of incidents and exposed records is down substantially from the 12.3 million records that were exposed by 604 breaches in 2010, the complexity of the attacks and the amount of money that has been lost is staggering.

Data-Centric Security Offers Best Defense Against Cyber ThreatsThe toll from cyber attacks continues to climb. Data-centric security offers the best defense against advanced persistent threats, argues Voltage Security's Mark Bower.

For instance, in one attack against Fidelity National Information Services, a global provider of banking and payments technologies, millions of dollars literally went missing overnight. A group of criminals obtained 22 legitimate ATM cards and then duplicated and altered them so an unlimited amount of cash could be withdrawn with each. The cards were promptly shipped overseas, and a total of $13 million was withdrawn over just 24 hours. This one incident highlights how damaging a data breach can be. In addition to the direct monetary loss, other costs — such as customer churn, reputation damage and regulatory fines — add to the costs.

Other incidents, while not leading to direct monetary losses, can be just as damaging. Nasdaq's Director Desk, a cloud-based system designed to facilitate boardroom-level communications for 10,000 senior executives and company directors, was hacked last year; the criminals may have had access to insider information, which they could have sold or used to make profitable stock trades.

[Check out the Top 9 Most Costly Financial Services Data Breaches.

While the types of data breaches are numerous, there is some good news: The average cost of data breaches has dropped by 24 percent, according to a study from the Ponemon Institute. This could partially be attributed to better security and an improved ability for firms to respond quickly to a breach. But, while the cost of a single breach might be on the decline, the rate of malicious attacks from malware, insider threats and phishing attacks increased by 31 percent, says the study.

Couple the growing complexity of attacks with users' demands for greater access to data, and technology executives have their hands full. Not only do firms have to protect data from traditional hacks and insider threats, they also have to protect data that is going outside of their own firewalls. Internal users, including traders, portfolio managers and business executives, as well as external customers increasingly are demanding mobile access to proprietary data on tablets and smartphones.

The demand for greater access to data will not slow any time soon — users increasingly will expect to be able to trade, transfer funds and do almost anything else they can do on a PC from their mobile device. Firms that can't offer mobile functionality because of security limitations will be at a serious disadvantage to competitors that can.

[To read more about How To Protect Wall Street Employees' Mobile Devices From Cyber Attacks, see related story.]

Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
7/13/2014 | 9:57:03 PM
Windows phone security
I am convinced that the security and Windows phones are much more advanced.
More Commentary
Moving the Trader Closer to the Investment Process
The sell side can demonstrate more value by applying analytics to pre- and post-trading, and by educating buy-side clients about broker segmentation, trading behavior and algorithm shortcomings, and more.
Wirehouses May See More Independent BDs as Retention Packages Expire
Retention bonuses are expiring, leaving brokerages vulnerable to attrition. Is access to technology making it easier for brokers to go independent?
SCI: A Whale of a Regulation
The SEC's Reg SCI weights in at a whopping 742 pages. Here is what you need to know about the oversized regulation.
One Size Fits Nobody in End User Services
How building profiles from employees' roles and behaviors can help optimize your end user services.
'Enlightened' Non-IT Execs More Likely To Run Secure Organization
Do senior executives understand their role in data security? On the whole, unsurprisingly, no.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.