The report titled, File Sharing and Collaboration Leads to Security Gaps in Financial Services Firms brings to light a confidence gap between IT professionals and the ability to meet regulatory requirements for protecting unstructured data such as emails, PDFs and other corporate files. The survey involved 200 U.S.-based IT professionals in the financial services industry.
“The more we make technology stronger and stronger, the more people become the weakest link,” according to Alex Manea, chief security officer of BlackBerry.
He said that some of the most confidential corporate information is stored and shared in documents, spreadsheets and presentations
“If you don’t have an effective way to protect these files across all endpoints, both inside and outside of your network, then you have a big gap in your security strategy,” Manea explained. “All it takes is for one user to type the wrong name or attach the wrong files in an email exchange, and you have a potentially massive breach to clean up.”
While regulatory scrutiny and fines apply to both structured and unstructured data, unstructured breaches can be subject to higher penalties because they highlight flaws in internal operations and processes.
For instance, the survey found that 65 per cent of respondents reported they were uncertain if their business protocols around collaboration and file sharing meet regulatory requirements.
Furthermore, one-third of the respondents said they were only “somewhat confident” or “not at all confident” about their ability to meet regulatory requirements despite having policies covering unstructured data.
Other key findings were:
- Only 26 per cent reported a breach due to an external attack.
- Seventeen per cent of survey respondents reported their organizations suffered a data breach at the hands of internal bad actors. This includes disgruntled employees and others, who either obtained access to sensitive information or had access all along and simply distributed the data to unauthorized parties.
- More than one-quarter of respondents indicated they had a security breach caused by a simple mistake such as the accidental sharing of sensitive files.
- As many as 18 per cent acknowledged security breaches took place due to lost, stolen, or unsecured devices.
The survey also found inadequate separation between the employee’s personal and private life is another source of worry. Respondents admitted to suffering security breaches caused by use of personal email and file-sharing accounts (20 per cent) and use of personal software or devices for corporate business (20 per cent).
Four-out-of-five respondents said their organization sends sensitive files via email.
When a copy of an email and any associated information (like an attachment) is sent from one user to another, multiple copies of the message are also stored on servers and devices, said Manea. Some of these devices are bound to be beyond the control (and security policies) of the organization where the email originated.
A comprehensive security approach can protect your data even after it leaves the corporate security perimeter, he added.
Ultimately cybersecurity issues end up on the desk of the chief security officer. However, Manea said CSOs need the support of the organization’s chief executive officer.
“The CEO is the most important person. It has to start with the CEO,” he said. “If the CSO does not have that level of support, he can’t get his job done.”
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…