In a recent cloud security survey conducted by Netwrix, 44% of financial institutions revealed that their own IT staff is considered the most significant risk to data security in the cloud. This survey, focusing on the financial sector, also unveiled that 32% of financial organizations had experienced accidental data leakage, a rate higher than the average of 25% in other industries.
Dirk Schrader, Vice President of Security Research at Netwrix, emphasized the need for organizations to adopt a zero-standing privilege approach, where elevated access rights are granted only when necessary and for the required duration. Cloud misconfigurations were identified as a common cause of accidental data leakage, reinforcing the importance of continuous monitoring of cloud configurations.
Shira Shamban, CEO at Solvo, highlighted two key ways in which IT teams contribute to risk: misconfigurations and human errors, often resulting in security incidents, and the risk of phishing or credential theft. Given that IT teams handle sensitive financial data, they need to exercise extra caution in mitigating these risks, as data security breaches can have significant implications for compliance and business health.
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, identified three primary factors contributing to security breaches in the financial services sector: human behavior, identities and credentials, and vulnerabilities. Increased data sharing via the cloud has expanded the attack surface, making organizations more vulnerable to attacks aimed at financial fraud or identity theft. The theft of identities, in particular, can enable attackers to bypass traditional security perimeters unnoticed.
In summary, the survey results underscore the importance of addressing internal risks posed by IT teams in the financial sector’s cloud security efforts. It highlights the need for a proactive approach, continuous monitoring of cloud configurations, and heightened caution in handling sensitive financial data to mitigate the evolving threats in the cloud.