The financial services industry has long been a target for hackers. So much so that in 2016, it was attacked 65% more than the average organization across all industries. According to IBM, 200 million financial services data records were breached, a 900% increase from the year before. What can we learn from this? The current approach to cybersecurity within many financial services organizations is flawed.
Asset management and investment firms often rely on desktop-centric security solutions for protection, disregarding the vast amount of data that is stored and transferred on mobile. With the General Data Protection Regulation coming into force on May 25, 2018, there is an increased urgency for enterprises to improve the way data is secured. Here are five things asset management and investment firms should be doing to protect their corporate data.
1. Protect against mobile phishing
The number of mobile phishing attacks is doubling every year, with a phishing site being created every 30 seconds. The financial services sector is particularly vulnerable to this type of attack due to the range of mobile platforms financial consultants and investment advisors use to interact with clients.
Why are phishing attacks so dangerous? Well, they exploit the most vulnerable part of your organization: your employees. Employees are arguably a corporation’s best asset, but when it comes to protecting corporate data they can double up as its biggest security threat. Wandera’s latest research reveals that in the average 100-device asset management and investment firm, employees fall for 53 phishing attacks each month.
Why is this number so high? Attackers know that within the financial services sector sensitive information is shared frequently and quickly. Employees rely on gaining new clients for their success and are therefore more likely to interact with messages and links from unknown numbers. Mobile is a preference for attackers for a variety of reasons: the smaller screen size means that it’s harder to inspect suspicious-looking URLs, and the on-the-go nature of the device encourages users to act less cautiously.
Enlist a solution that has the ability to block sensitive information from being exfiltrated from your mobile devices, even if an end user falls victim to social engineering.
2. Defend against malware
Over the last few years mobile malware has become a widely known, fear-inducing security concern for enterprises globally. Research from Gartner in 2017 showed that mobile malware had grown by 100% year-on-year, and a concerning number of new attacks are focused on iOS, not just Android. Ransomware attacks have grown particularly prevalent, with outbreaks like WannaCry and SLocker causing disruption for organizations worldwide.
Wandera’s recent discovery of RedDrop – a sophisticated family of malware that was first discovered and blocked by Wandera on a device at one of the big four consultancy firms – demonstrates the sophisticated way in which attackers are getting their hands on corporate data. Every level of the attack had been carefully orchestrated to convince the user they were downloading a legitimate application – from the advertisement in the reputable search engine, to the initial app download being free of malicious code. Little did they know it was capable of spying on the user, exfiltrating data and sending premium SMS.
This increased level of sophistication means that organizations need to tackle the threat of mobile malware head on. Wandera’s research shows around 9 corporate-owned devices in an average 100-device asset management and investment firm attempt to download malware every month. On top of that, a further 3 in 100 devices access cryptojacking scripts per month. You can read more about the threat of mobile cryptojacking in this blog post.
Use a security solution that can give you insight into the app inventory across your network – what permissions they’re asking for and which devices are running outdated versions of these apps.
3. Proactively assess vulnerabilities
Vulnerabilities are known as the ‘lurking culprits’ within your mobile fleet. You would likely never know they were there until one was specifically exploited. These weak points are flaws in operating systems that third parties exploit in order to gain access to devices and the valuable data they contain – through MiTM attacks, or other exploits. In fact, 4% of devices within the average 100-device asset management and investment firm will be subjected to a MiTM attack each month.
Understandably, it’s not always practical or realistic to make sure every single device in your fleet is on the latest OS – but not all outdated versions pose the same risk. Having a comprehensive knowledge of known mobile vulnerabilities is the first and most important step in understanding where, why and how devices could be left open to attack.
Run a security report on all of the devices within your business – check who is running an outdated OS, who is jailbreaking their device and where the vulnerabilities lie in your fleet.
4. Filter inappropriate content
Having devices in your IT infrastructure that can access all corners of the internet introduces risk to your business. Wandera research discovered adult and gambling content categories are far more likely to leak data, employ unencrypted technologies and otherwise expose organizations to risk. In fact, there are 99 attempts to access inappropriate content every month in the average 100-device asset management and investment firm.
Content Filtering is a proactive approach to security. It provides the functionality to block high-risk sites and apps, which eliminates exposure to many threats before they manifest.
5. Ensure GDPR compliance
Mobile devices present multiple openings for hackers to access an organization’s sensitive data. With the General Data Protection Regulation fast approaching, enterprises need to recognize the security risks that mobile presents to both personal and corporate data.
A data breach over mobile has the potential to be catastrophic in terms of business reputation and overall shareholder value, and non-compliance can lead to significant financial implications, with fines of up to €20 million. We believe the only way to ensure compliance with the incoming GDPR legislation is to embrace a mobile security solution that affords total data visibility.
Whichever technology your organization chooses to adopt, our guidance is to select a platform that operates at the cloud level as well as the device level, eliminating blind spots and giving you the confidence of knowing you’ve taken every reasonable measure to protect sensitive corporate data.