Proactive security is required in highly regulated industries

by CXOtoday News Desk    Apr 22, 2013

Even though systems and networks are becoming more open and accessible, threats have also become more advanced, persistent, and complex. This is particularly true for highly regulated markets such as financial services, where failure to protect sensitive information will have a negative effect on the business. Therefore proactive security needs to be maintained in these sectors, according to analyst firm Ovum.

Andrew Kellett, Principal Analyst, Infrastructure and Security, said that keeping business organizations safe is harder than it used to be for several reasons. These mostly relate to the well-worn arguments that malware is becoming more difficult to detect, attack volumes and their intensity are growing, and the effectiveness of traditional security products is in decline. “There is a predominant requirement to more actively prepare organizations to deal with security threats, to provide proactive approaches to protection, and to minimize the impact of malware on businesses and their users. Downtime is more than an operational inconvenience, and cost should be measured beyond financial imperatives,” he said.

In the financial services sector, high-speed financial transactions are processed in massive volumes across the world. The report points out that online banking services and real-time trading have a significant impact on the way that organizations do business, and faster payment systems and high-speed requirements for global transactions put pressure on Internet-based systems. The high-profile nature of financial services business models makes them a prime security target.

“In such a scenario, static security defenses are no longer good enough. Organizations should focus on proactive security initiatives including preemptive, knowledge-based protection that uses security intelligence and analytics, and active threat mitigation through software testing,” said Kellett.

Ovum research shows that testing provides the opportunity to identify vulnerabilities in applications and software systems. These solutions can be particularly good at finding unknown vulnerabilities in software code, which, if they remain undetected, open up the opportunity for malware to be executed. By testing for and gathering information on vulnerabilities, organizations can develop proactive defenses against cyber attacks.

The other area of concern for banking and financial companies is the failure to detect and deal with the range of disruptive distributed denial of service (DDoS)-style attacks that are prevalent today, which can cause millions to be lost within a short period of time. Ovum research shows that protecting against DDoS and related attacks is important to the operational health of organizations. Some business and technology experts take the view that these attacks have to be factored in as a cost of doing business and have to be dealt with as such. Kellett pointed out that putting the right defenses in place is a vital stage in reducing the cost overheads and enabling attacks to be dealt with while incurring the least amount of inconvenience for organizations.