Despite massive security expenditure, the shift to home working has left financial services companies exposed with poorly managed passwords and unmanaged file systems that give every employee access to an average of nearly 11m files.
Around 60 per cent of companies have at least 500 passwords that never expire, according to the Varonis 2021 Financial Services Data Risk Report, which examined the security protections around 4 billion files at 56 financial institutions.
Despite efforts to repel cybercriminals for whom financial data is a bonanza – one recent study found ‘Best Australian financial data’ for sale on the dark web for over $80,000 – analysts warned that banks are creating inadvertent risks by providing employees with too much access to too much data.
Non-expiring passwords, for example, create vulnerabilities because their long shelf life means they may be compromised and exploited without anybody noticing.
At 39 per cent of the companies inspected, more than 10,000 stale user accounts – old temporary accounts, for example, or accounts belonging to former employees – had created doors through which cybercriminals could enter undetected.
By using those accounts to gain seemingly-legitimate access to millions of data files, Varonis warned, attackers can lurk on networks undetected.
Throw in the tumult of 2020’s rapid transition to remote working and the lack of control this caused, the analysis warned, and financial-services companies face a major security issue.
“The abrupt nature of this transition forced many companies to step into the cloud without proper cybersecurity preparedness,” the report’s authors note, “inadvertently increasing their attack surface as employees logged in through unsecured networks and home computers.”
Those unsecured networ ..
Support the originator by clicking the read the rest link below.
