Different priorities and critical communication gaps between IT security teams, compliance professionals, and legal counsel are threatening the regulatory and cybersecurity posture of financial firms, according to new industry research into regulatory compliance and secure web use in the financial sector.
The study documents what the researchers call a “surprising disconnect” between the main compliance and data protection stakeholders within leading financial firms. To overcome the resulting deficits, researchers warn, compliance, IT and legal departments “must restore trust and get into sync.”
The publication, titled Surprising Disconnect Over Compliance and Secure Web Use at Financial Firms, is now available as a Triangle Real Time Research Report. It presents the results of an in-depth survey of senior decision-makers in IT, legal and compliance roles. Conducted by Beacon Technology Partners and sponsored by Silicon Valley-based web isolation solution provider Authentic8, it analyzes the cybersecurity and compliance impact of differing online risk perceptions within the surveyed organizations.
“Financial firms have some of the best-funded IT departments of any industry, that’s no secret,” says Scott Petry, Co-founder and CEO of Authentic8. “What’s perplexing to me, with data breaches and privacy violations at an all-time high, is how deep the divide still runs between IT, compliance and legal professionals in many firms, according to these findings.”
The new report quotes practitioners, independent industry observers, and analysts, whom the researchers asked to comment on the survey results.
“These three groups are working on the same problem, but they have different views of what the main problem is,” said Michele DeStefano, a professor at the University of Miami School of Law.
“Financial firms should move to a flatter organizational structure between those groups,” added DeStefano, who co-founded and co-edits the Compliance Elliance Journal. Her recommendation: “IT should be involved in the beginning rather than at the end.”
The survey also found that “less accessible” IT departments, those with a lower ratio of IT personnel to the employee population they serve, are generally more aware of the risks employees face when they go online than departments with a higher staff-to-employee ratio.
While this finding applies to financial companies of all sizes, including large organizations with many field offices, the increased awareness does not guarantee a stronger cybersecurity and compliance posture, the survey found.
“IT departments stretched thin seem to be more acutely aware of web-borne threats and the potential impact on their organization,” says Petry.
“That’s the good part. Unfortunately, that awareness doesn’t necessarily always translate into an effective prevention strategy, as the study shows.”
Instead, some IT departments have developed “tunnel vision” in identifying solutions, according to the research report. Petry says:
“The results show that firms often still rely on ineffective traditional perimeter defenses and point solutions, such as anti-virus tools, URL filtering, and VPN, which in turn introduce additional risks.”
The post #Privacy: Web use at odds with compliance and security in financial firms appeared first on PrivSec Report.