Financial industry unable to meet regulations: Report

ANI | Updated: Nov 16, 2017 10:24 IST

New Delhi [India], November 16 (ANI): A report published by BlackBerry Limited highlighted a confidence gap between IT professionals and their ability to meet regulatory requirements for securing unstructured data such as emails, PDFs and other business files and documents.

The findings, which also underscore the pervasiveness of internal versus external threats, were detailed in a new report titled, "File Sharing and Collaboration Leads to Security Gaps in Financial Services Firms."

While regulatory scrutiny and fines apply to both structured and unstructured data, unstructured breaches can be subject to higher penalties because they highlight flaws in internal operations and processes. This report investigated how common such operational risks are and if they are actively identified and addressed.

For example, BlackBerry's survey found that 65 per cent of respondents reported they were uncertain if their business protocols around collaboration and file sharing meet regulatory requirements. Furthermore, one-third of the respondents said they were only "somewhat confident" or "not at all confident" about their ability to meet regulatory requirements despite having policies covering unstructured data.

"Some of the most confidential corporate information is stored and shared in documents, spreadsheets and presentations. If you don't have an effective way to protect these files across all endpoints, both inside and outside of your network, then you have a big gap in your security strategy. All it takes is for one user to type the wrong name or attach the wrong files in an email exchange, and you have a potentially massive breach to clean up," said Alex Manea, Chief Security Officer, BlackBerry.

The report noted that over one-third of respondents reported either that their organisation had employees using file-sharing applications that were not approved by IT. Employees often use consumer file-sharing systems as shortcuts to get their jobs done, but in doing so; they expose their company to risk.

Further, 17 per cent of survey respondents reported their organisations suffered a data breach at the hands of internal bad actors. This includes disgruntled employees and others, who either obtained access to sensitive information or had access all along and simply distributed the data to unauthorised parties. Also, more than one-quarter of respondents indicated they had a security breach caused by a simple mistake such as the accidental sharing of sensitive files, and 18 per cent acknowledged security breaches took place due to lost, stolen, or unsecured devices.

Inadequate separation between the employees' personal and private life was highlighted as another source of worry. Respondents admitted to suffering security breaches caused by use of personal email and file-sharing accounts (20 per cent) and use of personal software or devices for corporate business (20 per cent).

Four-out-of-five respondents said their organisation sends sensitive files via email. When a copy of an email and any associated information (like an attachment) is sent from one user to another, multiple copies of the message are also stored on servers and devices, some of which are beyond the control (and security policies) of the organisation where the email originated. (ANI)