A lack of comprehensive security frameworks is the biggest IT security threat facing SA's financial services organisations.
So says Ulli Reyneke, chief client officer for financial services at Gijima, in a report-back on the Information Security Executive Forum that Gijima recently hosted in Johannesburg.
The forum focused on the importance of data security in the context of financial services. "The forum provided insights to attendees on how to respond to large-scale information breaches by implementing adequate solutions. They also learnt how to fast-track implementation while managing scope and cost," says Reyneke.
Reyneke believes most enterprises are still protecting IT infrastructure and perimeters instead of data. She cited poor rules and access control, poor monitoring, and complacency as additional hurdles.
Although data protection is the key, Reyneke believes many organisations are not effectively adopting security measures, which results in breaches.
"This is not because solutions don't exist; it is because some organisations would rather risk breach than adopt solutions. It is also important to note that breaches have always been happening, but now pieces of legislation are forcing organisations to report them and this gets into the public domain."
Describing the situation, Reyneke used the analogy of a game of cat and mouse. "As financial services organisations improve their security, fraudsters will continue to find loopholes. Financial services products or offerings develop rapidly, but the risk management or security does not develop at the same rate. People know financial services organisations do not regularly review and update their access, rights or rules issues."
She describes cyber crime as being more difficult to manage than traditional crimes like ATM bombings and cash-in-transit heists.
According to Reyneke, complacency from organisations - believing they won't be breached - further allows cyber criminals to punish organisations for poor corporate citizenship. In the face of these threats, she urges financial services institutions to shift from perimeter to data protection.
Organisations must adhere to upcoming legislation like the Protection of Personal Information Bill, she says, which will force them to report breaches.
"They must also change from moving physical cash to dealing in electronic transactions and customer data. There is also a need to constantly invest in knowledge and tools in this area."

