New study highlights access management problems in financial services sector
May 15, 2014

Financial services providers in North America and abroad have come under fire for their data and network security practices in recent years, as more officials work to tighten regulatory compliance statutes and defend consumers' identities. It has become painstakingly clear that the only defense against modern cybercrime and identity theft is a highly proactive approach to access management adjustments, as hackers will not hesitate to go after the low-hanging fruit.

Studies indicate that security trends are not moving as quickly as necessary in the right direction, and that many companies remain vulnerable to relatively well-known threats. Considering how quickly new risks proliferate in the digitally driven marketplace today, failure to keep up and make timely changes to existing security frameworks can spell disaster for any organization, and this is especially true among financial services providers. 

However, tools are available that can quickly improve the identity and access management performances of banks and other financial institutions, and it is just a matter of becoming aware of these solutions and implementing them quickly. Authentication stands as the next-generation of access control technology, improving user experiences while continuously protecting organizations from breach and compromised networks. 

Microsoft's big news
CloudTweaks recently reported that a new study from Microsoft indicated that the financial services sector is at significant risk of breach because of poor information protection and access management practices. Many banks and financial services providers were found using relatively antiquated approaches to security, despite deploying new technologies and using a wider range of platforms for data management. 

According to the news provider, the study highlighted several key issues, including the widespread lack of physical access management, not having a risk mitigation policy in place, poor data disposal practices and no standardized information classification systems. Considering how sensitive banking information is, as well as the frequency with which financial institutions are being targeted by hackers, this is highly concerting news.

The source went on to explain that 20 percent of survey respondents stated that they are not currently using roles or identities to manage access, meaning that parties who steal simple credentials will have a relatively easy time breaking into sensitive systems. In response to the research, regulatory entities have highlighted some of the subsequent risks – as well as causes of vulnerability – that are common among banks. 

"The financial industry appears susceptible to what an FSA report termed 'The Five Fallacies'. They believe there are five key misconceptions amongst companies that serious impact on their security," Daniel Price explained in CloudTweaks. "1) a belief that the customer data they held was too limited or too fragmented to be of value to fraudsters, 2) a belief that only individuals with a high net worth are attractive to hackers, 3) a belief that that only large firms with millions of customers are likely to be targeted, 4) an assumption that threats to data security are exclusively from external sources, and 5) a belief their security systems are already adequate and fool-proof."

Get with it
Decision-makers in the banking sector need to be more aggressive in their pursuit of security, as threats will continue to proliferate and damage businesses without more comprehensive protective deployments. In many cases, the security programs can be dramatically improved by simply focusing on the notion of digital ID's. Specifically, throwing out the antiquated password and credential systems in place and replacing them with advanced digital identity solutions.

By moving to a digital identity paradigm that is anchored in devices, dynamic authentication can be utilized to improve end user engagement and security. All by leveraging devices that users and consumers use on a daily basis. In the coming years, firms that do not revise their access management policies will likely continue to take on more risk.