Financial sector more prone to ransomware vulnerabilities

The financial services sector is falling behind other industries when it comes to bridging the gap between the new technologies they have rapidly introduced to deal with COVID-19 pandemic, and the security measures required to protect them, according to research from Veritas Technologies.

The Veritas Vulnerability Lag Report, surveyed 2,050 IT executives from the UAE and 18 other countries, including 245 respondents from the financial services sector. It discovered that companies in the financial services space were more likely to be struggling to keep pace with their security than those from most other sectors, with nearly half (48%) stating that their data security was lagging behind their digital transformation deployments. The average across all industries was 39%.

As a result, financial services companies are leaving themselves exposed to an increased risk of ransomware and other data loss incidents. The heightened threat to the sector is set to continue for another two years as organisations struggle to close the gap.

Johnny Karam, Managing Director & Vice President of International Emerging Region at Veritas Technologies, said: “In line with the UAE government’s ambitions to establish a strong digital economy, the UAE financial services sector has made significant strides in introducing new technologies and services to cater to evolving customer needs. However, the COVID-19 pandemic threw a curveball that no one could have seen coming, forcing organisations around the world to make transitions more rapidly than they anticipated. This has meant that the pace of security rollouts to protect this innovation has lagged behind, leaving them badly exposed to digital risk.

“In the UAE, we’re seeing businesses across all industries make strong progress with their data protection efforts. Unfortunately, the global financial services industry still has a long way to go. The good news is companies in this sector are beginning to redress the balance: 16% are confident that they will be able to close the gap this year.”

Financial services organisations that want to eliminate their vulnerability lag within 12 months would need to spend, on average, an additional $2.61m and hire 29 new members of IT staff. $2.61m is 5% more than the average required across all sectors, which may be disappointing news for IT leaders in the sector, given that they already typically spent 19% more than their peers on IT initiatives last year.

Financial services companies were also less likely to have the funds required to take action everywhere that their security was lagging. 43% of respondents in the financial sector said that they lacked the funds to close all of their gaps, compared to 28% of energy companies and just 25% in the public sector.

Expansion of cloud increases the risk of ransomware

Cloud environments are most at risk while this vulnerability lag persists: 82% of financial services respondents have implemented new cloud capabilities or expanded elements of their cloud infrastructure beyond their original plans because of the pandemic. With organisations having introduced an average of six new cloud services in the last twelve months alone, 54% of respondents said that they had gaps in their cloud protection strategy – more than any other area.

Responding to the global survey, three in five IT leaders at financial services organisations said that security risks have risen due to COVID-led digital transformation initiatives, with 44% specifying that the risk of ransomware attacks in particular, had increased.

Business operations have already suffered due to the vulnerability. 89% of financial services stated that their organisation had experienced downtime in the last 12 months, not least because, on average, financial services were the victims of 3.22 ransomware attacks which caused disruption and downtime to their businesses – this is nearly a third (32%) higher than the average across all sectors.

Karam said: “While the pressures that COVID-led digital transformation put on IT departments weren’t unique to the financial services sector, its position as a highly-attractive target to hackers may have meant that the industry has felt them more acutely. With hackers beating at the door, and limited resources to push them back, it can feel like the IT team is between a rock and a hard place. However, astute IT leaders are finding a third way: partnering with data protection providers that can minimise the admin burden of data protection through simplified tools leveraging AI and machine learning. Taking this approach can help financial organisations to accelerate their security rollouts and stop their protection infrastructure lagging behind their digital transformation.”