Financial organisations are prone to lax cybersecurity practices

Netwrix has published additional findings from its 2020 Data Risk & Security Report. The report reveals that financial organisations are prone to a range of insufficient cybersecurity controls that make them vulnerable to escalating cyber threats.

According to the survey, one third of financial organisations discovered sensitive or regulated customer data outside of designated secure locations in the past 12 months. Almost half (40%) of respondents admitted that in the same time frame that their IT teams granted direct access to sensitive data based solely on a user’s request. On top of that, IT teams are overloaded with addressing data subject access requests (DSARs) as a part of GDPR compliance since 73% of respondents report that DSARs put significant or moderate pressure on IT staff.

Other notable findings of the report include:

• 70% of unauthorised data sharing incidents led to data compromise
• 32% of financial organisations have experienced a surge in data subject access requests (DSARs)
• 44% of CISOs and CIOs in financial organisations don’t have or don’t know whether they have KPIs to report on IT security and cyber risk

“As COVID-19 pandemic accelerates the rise of digital payments, financial organisations are generating more and more data, which makes the sector a tempting target for cybercriminals. Poor access management practices and lack of control over sensitive data make the sector vulnerable to these increasing threats. Organisations need to mitigate security risks by deploying technologies that enable them to regularly review and correct access permissions as well as to automatically discover their sensitive data enterprise-wide regardless of where it is located, and to move it to a secured storage. This will help them enhance their security posture despite an increasing workload and decreased resources,” said Ilia Sotnikov, VP of Product Management at Netwrix.