For financial and banking organizations, digital data has so much business value that a well-orchestrated attack on the storage and backup could bring significant damage to the organization’s value. If a data breach happens, it can have a lot of negative consequences for an organization. This can include financial losses, damage to the company’s reputation, downtime for the business, legal action, and loss of sensitive data. Financial services are one of the most heavily regulated industries and are often audited, both internally and externally. The audits usually change every year, based on factors like advances in technology, regulation changes, and shifts in the threat landscape. Reducing the attack surface and adhering to security baselines and standards is a key to staying safe from attacks.
A survey report based on the study conducted by CISO MAG and Continuity reveals that around 52% of the respondents were not strongly confident about the storage and backup security of their organization. Other key findings indicate that,
- Almost 59% of the respondents were not confident they could recover from a ransomware attack and about 69% of respondents believed that a security breach on storage and backup would cause a significant to catastrophic impact on the organization.
- Storage and backup were the two least covered areas under the vulnerability management program.
Focus areas of vulnerability management program
- 21% of the organizations did not have any security baselines in place.
- 67.19% of the respondents agreed that storage and backup security have been included in their latest audits.
- Continuous changing requirements, silos within the organization, and lack of knowledge and skills slowed down the evolution of storage and backup security in financial services.
Top challenges in securing storage and backup
Here’s how information security officers in financial services and banks can improve their storage and backup security:
- Improve storage and backup security and it should be the top priority in a financial organization.
- Take measures to gain knowledge and improve skill sets and increase the collaboration between Infosec and IT infrastructure teams.
- There must be comprehensive security baselines for all components of storage and backup.
- Reduce the exposure to risk using automation and focus on quickly adapting to changing priorities.
- Cover all aspects of storage and backup management including key components like Fiber-Channel network devices, management consoles, etc.
- Applying stricter controls and more comprehensive testing of storage security and recovery from an attack, will improve confidence and help identify key data assets that do not meet the required level of data protection.
Image source: Continuity Software
Read next: Public cloud ecosystem quarterly revenues show a 26% increase; reach $126 billion in Q1 2022
