{"id":5967,"date":"2023-09-08T17:28:33","date_gmt":"2023-09-08T21:28:33","guid":{"rendered":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?p=5967"},"modified":"2023-09-08T17:28:56","modified_gmt":"2023-09-08T21:28:56","slug":"the-most-overlooked-security-issues-facing-the-financial-services","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/the-most-overlooked-security-issues-facing-the-financial-services\/","title":{"rendered":"The Most Overlooked Security Issues Facing the Financial Services"},"content":{"rendered":"

\"\"<\/p>\n

Solutions Review\u2019s <\/strong><\/i>Contributed Content Series<\/u><\/strong><\/i><\/a> is a collection of contributed articles written by thought leaders in enterprise technology. In this feature, Continuity<\/a>‘s John Meakin offers<\/strong><\/i><\/span><\/p>\n

Data is a major part of the role of any CISO. When it comes to the financial services industry, data is even more important and valuable than in other industries. Securing storage and backup systems isn’t always obvious and isn’t always the focus of many CISOs or their teams. I admit that it wasn’t part of my focus until quite recently.<\/p>\n

So, what is the big picture of securing storage and backup? Is this a Cinderella area in the pursuit of business security? How can you prepare? And where do you go from here? I will share with you my views in this article.<\/p>\n

\t\t\t

<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\n

Security & the Financial Sector<\/strong><\/h2>\n

All Eyes On Storage And Backup<\/strong><\/h3>\n

It\u2019s no secret that modern security is focused on data, particularly in the financial services industry. The rise – and sophistication – of ransomware attacks has been documented by all parties concerned.<\/p>\n

From industry publications like Bleeping Computer<\/a>\u2026<\/p>\n

\u201cThe ALPHV ransomware operation exploits veritas backup<\/strong> exec bugs for initial access. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds these 3 security issues to its list.\u201d<\/em><\/p>\n

\u2026to analysts like Gartner<\/a>\u2026<\/p>\n

\u201cHarden the components of enterprise backup<\/em><\/strong> and recovery infrastructure against attacks by routinely examining backup application, storage and network access and comparing this against expected or baseline activity<\/em>.\u201d<\/p>\n

\u2026to governments finally addressing the issue, like in last year\u2019s White House memo<\/a>:<\/p>\n

\u201cTest the security of your systems<\/em><\/strong> and your ability to defend against a sophisticated attack<\/em>.\u201d<\/p>\n

Ransomware is focused on data. As such, the key to mitigating (and ideally neutralizing) that threat is to secure data in storage and backup.<\/p>\n

We tend to think of backups as the final layer of protection against ransomware, though in reality they are simply another repository of data in storage, ready to be harvested if not appropriately secured.<\/p>\n

This begs the question: are we as CISOs and security leaders currently focused on the most pressing risks?<\/strong><\/p>\n

The Unspoken Gap<\/strong><\/h3>\n

The value of business data is growing annually in virtually every organization. Malicious actors recognize this fact, so data-centered attacks continue to grow both in number and sophistication.<\/p>\n

Are we really rising to this challenge as CISOs and security leaders? Have we spent enough time analyzing and reinforcing those darker parts of our storage and backup infrastructure that any smart threat would target? This industry-wide oversight is exactly why so many of these attacks succeed.<\/p>\n

There are other myths that many CISOs and security leaders believe which feed the current exponential growth of attacks and further demonstrate the industry\u2019s continued failure to harden storage and backup systems. They are the greatest current oversight in cybersecurity.<\/p>\n

The Shift In Voice And Focus Of The Financial Services CISO<\/strong><\/h3>\n

The truth? In a cloud-fuelled world, storage layers deserve as much attention as computing and networking layers. Cloud providers offer cloud storage as a separate service, carrying a separate set of risks \u2013 access keys in AWS S3 storage, for example.<\/p>\n

Storage security issues aren\u2019t limited to the cloud either; they spread across the full spectrum of hybrid and on-premise infrastructures. All these modes of storage constitute separate systems, but for whatever reason they haven\u2019t enjoyed the same attention from infrastructure and security experts as those on other layers.<\/p>\n

The need for change is also reflected in this Financial Services Research Report<\/a>, which analyzed the state of storage & backup security:<\/p>\n