Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

UK Financial Institutions Unaware of Third-Party Risks Posed by Open Banking

June 2018 by Bomgar

Bomgar has launched its 2018 Privileged Access Threat
Report. The global survey explores the visibility, control, and management that IT
organisations in the U.S. and Europe have over employees, contractors, and
third-party vendors with privileged access to their IT networks. According to the
report, formerly called the Secure Access Threat Report, 72% of UK financial service
firms felt unsure whether they had possibly or definitely suffered a breach due to
third-party access, and 69% also said they had possibly or definitely suffered an
insider related breach in the last year.

With the advent of open banking, the perimeter of a bank’s sensitive data has now
extended outside of its own internal network, and financial institutions now need to
make its customers’ information available through a whole host of third-party
providers.

In fact, the research highlighted that 72% of UK financial organisations have seen
an increase in the vendors that it works with in the past year. This is alarming
when compared to the finding that the same number of UK financial organisation, 72%,
claimed that they could have experienced a breach due to third-party access in the
last 12 months. In addition to this uncertainty, 69% of UK financial services
admitted to having already suffered a serious information security breach or
expected to in the next six months due to third-party access and insider threats.

Despite this, Bomgar’s research discovered that financial services is the most
trusting industry when it comes to network access, with 48% of these organisations
claiming that they completely trust third-party vendors. This is interesting as
financial services were also found to be the most likely industry to experience an
insider or third-party breach in the last year compared to the other industry
analysed in the research, which included the manufacturing, healthcare, telecoms,
government and professional services sectors.

“The dangers that vendors and other third-parties present to the financial
services industry shouldn’t be underestimated,” commented Stuart Facey, VP EMEA,
Bomgar. “More worryingly though is that financial institutions seem unaware of the
root cause of the threat. The unpredictability of these third-parties puts
businesses at increased risk. They often have a high-level of privileged access to
internal networks and sensitive information that financial services organisations
have poor visibility and control over, potentially leaving a key attack vector
unsecured. Third parties may also have a poor cyber security posture and one that
financial services organisations will have little control over.”

However, a large part of this risk sits with the organisations themselves, as the
report found that 69% rely on third-party vendors too heavily, and 76% admit that
having cultures that are too trusting of partners poses a risk to their business.

"Following Equifax’s breach, financial institutions need to realise the fiscal and
reputational implications that these incidents can have and assess how much access
they give to third-parties that operate within their network," states Stuart Facey.
"With open banking on the rise, the risks that come from sharing data and network
access to an ever-expanding list of partners is only going to grow."

The report did show that some organisations are managing these risks with a
privileged identity and access management (PIM/PAM) solution. These same
organisations experience less severe security breaches and have better visibility
and control than those that use manual solutions or no solution at all. In fact,
less than half (34%) of organisations using PIM/PAM experienced a serious breach or
expect to in the next 6 months, compared to 66% of those without control of their
privileged users.

“As the vendor ecosystem grows, organisations need to accept that the way to
mitigate risks is by managing privileged accounts through technology and automated
processes that not only save time, but also provide visibility across the
institution’s whole network,” commented Stuart Facey. “By implementing
cybersecurity policies and solutions that also speed business performance,
organisations can begin to seriously tackle third party risks.”

Research methodology

1021 key decision makers with visibility over the processes associated with enabling
internal users and external parties to connect to their systems completed a survey
in February 2018. Those surveyed were all IT professionals across operations, IT
support/helpdesk, IT security, compliance and risk or network/general IT roles.
Respondents were from a range of industries, including manufacturing, finance,
professional services, retail, healthcare, telecoms and the public sector. The
survey was conducted across the United Kingdom, the United States, Germany and
France.

You can download the report here:
https://www.bomgar.com/resources/whitepapers/privileged-access-threat-report.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts