Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

UK Finance Companies Need to Do Better at Cybersecurity

September 20, 2019

  • Blog
  • Archive

As a lynchpin of the UK’s economy and a vital part of its infrastructure, the financial sector is (unsurprisingly) a big target for cyberattacks. A recent study by data security company, Clearswift, affirms this in revealing that 70% of finance companies in the UK suffered a cyber incident over a recent 12-month period.

You’d expect then, with such a huge target painted on you, that many finance firms would have the very best cybersecurity strategies in place. Unfortunately, this expectation is woefully off the mark.

UK Cybercrime Focus: Finance Organizations

Last year alone, there was a reported 1000% increase in cyber incidents within the UK financial sector. You may recall that Tesco Bank was fined £16.4 million by the FCA in 2018 as a result of a cyberattack that happened in 2016, leading to £2.26m being stolen from personal current accounts.

In 2017, cybercriminals were able access records of roughly 270,000 Wonga customers across the UK and Poland. Data illicitly accessed of the payday loans company’s customers included bank account details, sort codes, addresses, phone numbers, email addresses and more. Wonga released a statement acknowledging that cyberattacks were 'on the rise' and 'unfortunately becoming increasingly sophisticated'. HSBC, Halifax, and Bank of Scotland have all experienced similar cyber-attacks.

In the wake of a number of blistering cyberattacks across the UK financial landscape, Megan Butler, the Executive Director of Supervision at the Financial Conduct Authority (FCA), stated in November 2018 that:

"It is a major concern that a lot of financial firms still seem to be trying to get the basics right on cyber. We’ve found that a third of firms do not perform regular cyber-assessments. And whilst most know where their data is, they describe it as a challenge to maintain that picture. Nearly half of firms do not upgrade or retire old IT systems in time, and only the largest firms have automated their detection systems to spot potential cyber-attacks. Smaller firms are generally relying on old school, manual processes - or no processes at all."

Some very strong and concerning words, but what can financial organizations start doing to better their defence against malicious attackers?


DOWNLOAD THE PRIVILEGED ACCESS THREAT REPORT

UK Finance Sector: Improving Adoption & Awareness of Cybersecurity

Before going into actionable methods to improve security within the UK finance sector, let’s understand a little more on where and how the problems are arising. The same Clearswift study mentioned above also found that nearly half (43%) of security incidents within the financial sector are caused by employee failure to follow company data protection policies. Other key causes of security incidents include introduction of malware and viruses via 3rd party devices (32%), file and image downloads (25%), and employees sharing data with unintended recipients (24%).

Most organizations are having a difficult time managing privileged insiders and third-party vendors. Almost half use manual processes to control privileged identities, which simply isn't scalable. Our very own 2019 Privileged Access Threat Report highlights the fact that 58% of organizations believe it likely they have suffered a breach due to vendor access, and 64% say employees caused breaches – which only goes to further underscore Clearswift’s findings.

With all of this in mind, how can we ensure that human error is minimized and, should it occur, the potential ramifications are mitigated efficiently?

Achieving Least Privilege to Mitigate Threats

One of the first, most important things UK finance organizations need to understand is that the weakest link in their security often starts with employees. This weakness comes in a variety of forms – from poor password hygiene, to a weak understanding of social engineering techniques (phishing emails and scams). Whether intentional or not, giving your employees administrator rights puts your systems and data on the fast track to being compromised.

The obvious problem that comes with limiting user rights though is that access and a general ability to be productive can become an issue. If not managed correctly, IT helpdesks can be swampled with requests to grant simple access to systems or files. The balance between security and productivity, specifically within a fast-paced, high growth environment like the finance sector, always seems to be a trade-off. And apparently, for many UK finance organizations, a trade-off they aren’t willing to make.

The solution is simpler and more effective than many organizations realize. By creating a least privilege environment, which is essentially removing unnecessary admin rights and giving users just enough access to do their jobs productively, you can sharply reduce the attack surface. The most recent Microsoft Vulnerabilities Report validates this reasoning, as 81% of all Critical Microsoft Vulnerabilities discovered in 2018 would have been mitigated if admin rights had been removed.

Privileged Access Management (PAM) as a solution achieves this through several steps. And while this is by no means an exhaustive list, below are three key features of an effective PAM solution:

  • Lock down and control credentials: Find, manage, and monitor privileged accounts/assets, and automate privileged password and session management.
  • Remove excessive end-user privileges: Control and monitor privileged activity on Windows, Mac, Unix, Linux, and network devices, remove excessive privileges without impacting productivity, and enforce granular application control.
  • Protect internal and vendor remote access: Secure, manage, and audit remote access from third-party vendors and internal employees with privileges, such as the service desk.

By taking such measures towards reducing privileged access and controlling visibility over your environment, organizations of all sectors can significantly reduce their risk of becoming a victim of a breach. 90% of the organizations we’ve interviewed confirmed that with fully integrated PAM tools, they are confident they can identify specific threats from employees with privileged access.

In summary, implementing a holistic Privileged Access Management solution gives finance companies back control over their systems and data, while still empowering employees to fulfil their roles efficiently and securely.

To read more about Privileged Access Management and discover more information around key use cases and ROI, visit our solutions page today.


Whitepapers

Privileged Access Management (PAM) Checklist

Whitepapers

Privileged Access Threat Report 2019

Jonathan Clarke

Content Marketing Manager

With a Master's Degree in English Language and Media, Jonathan has a genuine passion for producing compelling and thoroughly researched cybersecurity content. Coupled with a B2B agency background, he is adaptable to a wide range of industry topics, and also looks after BeyondTrust's Public Relations and social media channels. A huge animal lover, he is the proud 'father' of Simba, a very hyperactive German Shepherd dog.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 25, 2021

Customer Tips & Tricks: Remote Support for Android

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.