Uptycs Blog | Cloud Security Insights for Linux and Containers

Cloud Security For Financial Services: Survey Summary

Written by Uptycs | 11/5/22 8:53 PM

While you might be feeling that 2023 is looking a lot more ‘normal’ from the outside compared to 2020, the digital world has shifted… and it will never be the same.

 

As the pandemic pushed employment, school, and commerce online, cybersecurity was often an afterthought. Since then, organizations have been scrambling to keep up with an unending onslaught of cyber attacks, while simultaneously shifting from on-prem to cloud solutions. Financial service firms are among the most targeted organizations and therefore must be two steps ahead of every attacker–but there are some hurdles along the way.

 

In a recent survey titled Financial Services Cybersecurity Challenges, Tool Satisfaction, and 2023 Plans from Canam, 75 security directors, engineers, and managers from financial service firms were asked about their organizations’ cybersecurity struggles and plans.

Only 31% of respondents were 'OK' with their current cloud platform.

Cloud Security For Financial Services: Top Takeaways

Here are the big takeaways about why this might be–and how organizations can move forward. While each company will have specific needs, there were several major concerns shared:

 

1. Data Breaches Are a Looming Worry

54% of survey respondents indicated that data breaches are their biggest cloud security concern–and that’s not a misplaced fear. Considering that a data breach can become a multi-million dollar issue, to say nothing of reputational damage, it’s intimidating. Knowing how to defend data stored in a cloud platform is becoming a central issue for financial and legal reasons alike.

2. Cross-team Adoption Of Tools Isn't Working

To achieve effective cloud security, entire teams need to engage meaningfully. Unfortunately, a whopping 85% of survey participants struggle “to get outside teams off the bench and engaged in their cloud security.” While this might be a little disheartening, training can help employees understand how their roles are crucial to the safety and privacy of an organization. That said, it’s also important to move forward with stronger policies, especially for daily authentication, remote desktop access, and cloud security.

3. Acting Fast Is Tough

It’s proving difficult for firms to detect and prioritize threats in the cloud. In fact, 20% of the respondents indicated that they aren’t able, for a variety of reasons, to do real-time threat mitigation at all. This means there are constant vulnerabilities, but it also means that alert fatigue is a huge, growing problem. 74% of respondents reported it as an issue, indicating that most platforms being used don’t provide a real way of prioritizing threats or reducing risk effectively.

Establishing preventative policies will lead to better cybersecurity defense overall, but organizations still need to be able to detect immediate threats and act rapidly.

4. Clarity and Visibility Aren't The Best

Companies often don’t have a single source of truth to build a security stance on. Instead, their choices of cloud platform, security software, security policies, and IT maintenance might all come from disparate sources, or different tech stacks. This leads to poorly integrated, overly complex situations.

 

In the same vein, asset visibility is also a challenge. With so many operating systems, endpoints, and environments, a holistic understanding of the threats and security concerns is impossible. 

In the survey, asset visibility was rated strongest with Windows environments and weakest among macOS and container/K8s. 

 

After investigating these issues, it wasn’t surprising to note that only 13% of the survey participants said they are very confident in their ability to identify and remediate cloud security threats.

 

 

So Let's Talk Solutions:

1. Find Focus  

The survey showed that the majority (56%) of the respondents will be focusing on their cloud security platform in the next year, in order to strengthen their cybersecurity posture.. About a third will also focus on training, pen testing, and threat intelligence. Identifying exactly where an organization needs to shore up is a great first step. 

 

2. Talk Budget

While budgeting can be a tough conversation, especially if you’re a decision-maker, allocating funds for cybersecurity is a priority. Fortunately, 58% of the respondents indicated a plan to increase cloud security budget–likely out of necessity.

 

Decision-makers should keep in mind that ROI for cybersecurity can be difficult to measure, and even when ROI is low, it doesn’t mean the budget should be slashed or decreased at all. It might just mean that posture has been working well in the measured past. The goal is to not experience a costly security breach. It’s challenging to prove the value of a negative, but staying ahead of the problem requires IT time and budget.

 

3. Hire An Expert Or Get Trained Up

Companies may also be encountering conversations about how to attract qualified security staff. Over the past five years, we’ve seen shortages. According to respondents, organizations are compensating by training their existing IT staff (47%), investing in new tools (36%), and hiring consultants (30%).

 

Identifying a solution for most companies, practically speaking, will mean 1) locating tools with greater integration so that 2) a single source of truth is easy to reference and 3) real-time threat detection in the cloud is more straightforward.

 

The threat landscape is only getting more complicated, and more dangerous. Firms need a solution that allows them to monitor, detect, and prioritize threat activity as it traverses on-prem and cloud boundaries. The best-case scenario is a cohesive, enterprise-wide posture that is accessible from a single platform–and that’s just what Uptycs delivers.

 

Be ready for what’s next – get started with Uptycs.

 

Will you be at AWS re:Invent this year? We certainly will be! Learn more below.