Thales: 2023 Data Threat Report, Financial Services Edition (English version, 18 pages)
FINANCIAL SERVICES EDITION
2023 DATA THREAT REPORT
Securing Digital Markets

Introduction

The security challenges faced by financial services (FiServ) organizations cannot be overstated. As the managers and custodians of financial assets and related sensitive data, these organizations are under constant attack from bad actors and receive increasing scrutiny from regulators, while trying to address customer and competitive demands for greater digital access. Regulatory pressures can also constrain options in their digital transformation journey, which has contributed to a more cautious approach to cloud adoption than in some industries.

Security teams in the FiServ industry need to secure infrastructure environments that have become more multicloud and more complex. There are positive trends in key areas, but still much work to be done. The latest Financial Services Edition of the Thales Data Threat Report explores the perspectives of 140 FiServ respondents in 18 countries regarding their understanding of the evolving security threat landscape, and challenges and strategies for protecting data, whether in the cloud, on-premises or across multicloud and hybrid environments.

Source: 2023 Cloud Security custom survey from S&P Global Market Intelligence, commissioned by Thales.

2023 Data Threat Report: Financial Services Edition

Contents

Key findings
It's a multicloud world
The threat landscape for financial services
Data security concerns
Impacts of data sovereignty
Operational complexity hampers security
Pathways to better data security
Moving ahead
About this study

#2023FiServReport

Key findings

Multicloud is today's reality
particularly in FiServ, with the average number of cloud providers now exceeding two (2.16), growing 12% in the last year. Three-quarters of FiServ respondents (74%) have two or more cloud providers.

Identity and encryption management complexity can be serious issues
69% of FiServ organizations surveyed have five or more key management systems.

Securing data in cloud is considered complex
The proportion of FiServ respondents who agree with this sentiment has increased to 55% from 44% last year, a potential byproduct of increasing multicloud operations.

Leading targets of attackers
Cloud-hosted applications: 34%
Cloud infrastructure: 31%

Stronger authentication is a priority in FiServ, indicated by higher levels of reported MFA deployment.
71%

The average number of SaaS apps used by FiServ: 137
FiServ respondents report greater use of SaaS applications, which increases the number of points where data must be secured. The average number of applications in use jumped 67% over three years, from 82 to 137.

Digital sovereignty issues loom large on multiple fronts
There is high reported use of cloud-provider-dependent encryption management, alongside growing concerns about sovereignty mandates. 79% are concerned about the impacts of sovereignty issues on cloud deployments.

There needs to be greater encryption of sensitive data
Only 46% of sensitive data in cloud is encrypted on average. More FiServ organizations control all of their own encryption keys.

Human error is a large concern for FiServ organizations in many areas
79% selected it and almost a third of those ranked it as their top threat (30%).

Ransomware is a greater concern for financial services
compared to the total survey population. Nearly two-thirds of FiServ respondents (64%) report seeing an increase in attacks, versus 49% survey-wide. Notably, more FiServ respondents also report having experienced an attack (35% vs 22% overall).

FiServ organizations are more concerned than the broader survey population about some of the risks of quantum computing
Concerns about blockchain attacks (49%) and network decryption of sensitive data (66%) are both cited more frequently by FiServ professionals than by those in other industries.

It's a multicloud world

There is increasing multicloud use among FiServ organizations, but it is growing more slowly than in the broad market. The average number of cloud providers increased 12% in the last year (2.16 versus 1.93). FiServ environments are already challenged with securing existing systems that may never move to cloud, while also managing cloud security in an increasing number of locations.

While cloud infrastructure use is lower among FiServ organizations than among the broad survey population, SaaS use is much higher. Broad market respondents report that their enterprises use an average of 97 SaaS applications; in FiServ, that number balloons to 137, or 41% higher. This adds to the number of environments in which data has to be managed and secured.

Figure: Number of infrastructure-as-a-service providers in use (FiServ average and survey-wide average). Source: S&P Global Market Intelligence's 2021-2023 Data Threat custom survey.

Figure: Top cited cyberattack targets. Question: In general, which of the following are the biggest targets for cyberattacks? Categories: IoT devices; Internal networks; Cloud infrastructure; SaaS applications; Web applications; Cloud storage; End-user devices; Identity/credential stuffing; Cloud databases; Third-party networks; Cloud hosted applications (IaaS, PaaS); On-premises legacy applications; On-premises. Source: S&P Global Market Intelligence's 2023 Data Threat custom survey.

The threat landscape for financial services

The threat landscape for FiServ organizations is complex and multifaceted. Cloud-based resources are seen as the leading targets of attackers within the FiServ industry. Cloud-hosted apps are most cited, at 34%, followed by cloud infrastructure at 31%. When looking at cloud infrastructure attacks in detail, third-party attacks lead. This shift in attacker targeting has been reported across industries and reflects an effort to find and exploit the weakest link in an organization's protections.

Interestingly, FiServ organizations are more likely to report that credential compromise/credential cracking attacks on their cloud infrastructure are increasing compared to enterprises overall (56% versus 42%). Both of these points reinforce the importance of using more sophisticated authentication technologies with a secured root of trust to manage access, as well as ensuring that foundational data protection capabilities such as encryption are implemented comprehensively and robustly.

Fewer than a third of FiServ respondents (31%) experienced a data breach in their cloud environment in the last year, notably lower than the broad market (40%). The proportion of FiServ respondents who report having ever experienced a cloud breach is slightly lower than the survey-wide result (42% versus 46%).

There are widespread concerns about the impact of quantum computing and its potential to break encryption protections. FiServ organizations are a bit more concerned than the total survey population about quantum attacks (98% versus 96%). Perhaps more interesting are the differences in the types of attacks that raise concern. FiServ respondents are more concerned than the broad population about the risks of quantum-based attacks on blockchain (49% versus 43% survey-wide). They are also more concerned about the decryption of network traffic (66% versus 62%).

31% of FiServ respondents experienced a data breach in their cloud environment in the last year.

Figure: Types of cloud infrastructure attacks increasing (FiServ versus total). Question: What type of cloud infrastructure attacks are you seeing increase? Categories: Infrastructure compromise; Third party; Human error or misconfiguration; Credential compromise/cracking (weak credentials); Credential theft/stuffing. Source: S&P Global Market Intelligence's 2023 Data Threat custom survey.

Data security concerns

The digitization of many businesses is generating growing volumes of data that must be secured. This is particularly acute in FiServ, where regulatory mandates on both security and resilience are key. The survey shows that an increasing proportion of data resides in cloud-based infrastructure, but the bigger story concerns sensitive data. FiServ organizations report a dramatic increase in the proportion of cloud data that is deemed sensitive. In 2021, 55% of FiServ organizations said that more than 40% of their cloud data was sensitive; this year, that proportion rises to 68%. On average, FiServ respondents say 53% of their cloud data is sensitive.

This comes alongside the reporting that only about a third (34%) are able to classify all of their data, a fundamental requirement for effective data protection. It's an improvement from last year (24%), but clearly, this remains a challenge. Just less than half (47%) say that they can classify at least half of their data.

An increasing proportion of sensitive data is being encrypted, but it's still not enough. FiServ respondents on average report that only 46% of sensitive data in cloud is encrypted, which is similar to the broad survey result. But FiServ organizations show greater maturity in the data protections that are in place. More FiServ respondents control all of their own encryption keys compared to the survey-wide sample (21% versus 14%).

In multicloud environments, there is more data movement between on-premises, cloud and partner environments. To facilitate secure and efficient movement of data, data management and encryption must work across all environments where data is put to work.

Only 34% of FiServ organizations are able to classify all of their data.

Figure: Percentage of sensitive cloud data encrypted. Question: What percentage of your organization's sensitive data in the cloud is encrypted? Categories: Up to 10%; 11%-20%; 21%-30%; 31%-40%; 41%-50%; 51%-60%; 61%-70%; 71%-80%; 81%-90%; Above 90%. Source: S&P Global Market Intelligence's 2023 Data Threat custom survey.

Impacts of data sovereignty

Digital sovereignty is an emerging strategic initiative and, along with privacy and compliance efforts, it represents opportunities for enterprises to accelerate their digital transformation. Putting better data management controls in place can ensure that stakeholders have access to the data they need, without having to build in controls as part of each new use case.

About four-fifths (79%) of FiServ respondents worldwide are “somewhat” or “very” concerned about impacts of digital sovereignty on cloud deployments. That's lower than the survey-wide figure and may indicate that regulatory requirements have already pushed FiServ organizations to implement data controls that could address digital sovereignty requirements.

Almost half of FiServ respondents (44%) consider full data encryption an acceptable measure to achieve various levels of digital sovereignty. This is 5 percentage points higher than the broad survey result. That could indicate greater comfort and confidence in FiServ organizations' data protection capabilities. That said, more than a third (38%) believe that location is important for all of their workloads.

Operational complexity hampers security

One of the largest challenges to overcome in security is operational complexity. Complex operations increase the chance of human error, which FiServ respondents cite as the greatest security threat: 79% select it as a threat, and almost a third of those rank it as their top threat (30%). Human error is also the top reported cause of cloud data breaches and is cited by FiServ organizations to a greater degree than survey-wide (61% versus 55%). Vulnerability exploitation is a distant second at 22%.

More than half (55%) of FiServ respondents indicate that it is more complex to manage data in cloud than in on-premises environments. Multicloud infrastructure can increase complexity, particularly when it comes to data encryption. Fewer than a quarter (21%) of FiServ respondents say they control all of their encryption keys in their cloud environments, which, while better than survey-wide, still means the risk of third-party exposure is significant.

Well over half of FiServ respondents say they have five or more key management systems (69%). That's an increase of 4 percentage points over last year, headed in the opposite direction of where it should be and leading to greater operational complexity. If existing key management systems aren't extended to new cloud environments that become part of the production infrastructure, organizations will continue to add silos of key management systems as they grow, compounding complexity and the risk of errors.

Only 21% of FiServ respondents say they control all of their encryption keys in their cloud environments.

Pathways to better data security

Identity and access management (IAM) has been identified as a top mitigating control for data breaches. FiServ organizations have reported above-average deployment of strong MFA and a significant increase in adoption, moving from 62% in 2021 to 71% this year. Modern authentication is critical to addressing today's authentication risks.

Simplifying encryption management is mandatory. In a multicloud world, organizations have to be able to centrally manage keys that are used across their infrastructure on-premises, as well as in cloud.

Getting to a zero-trust posture in cloud can build a better foundation for operational security. In this year's survey, 41% of FiServ respondents say they have zero-trust controls on cloud networks and 47% have zero-trust in place for cloud infrastructure. That's ahead of the average, which is good news. Interestingly, zero-trust use in internal networks lagged the average (29% versus 36%), an area that could use improvement.

Only 41% of FiServ respondents say they have zero-trust controls on cloud networks.

Figure: Implementation of zero trust by financial services respondents (FiServ versus total). Question: How does your organization use zero-trust practices? Categories: Remote access systems; Cloud networks; Cloud infrastructure; Internal networks; Server management; Not implemented. Source: S&P Global Market Intelligence's 2023 Data Threat custom survey.

Moving ahead

FiServ organizations face a unique set of risks and additional complexity in managing data security. Digital transformation and rising regulatory pressures have led to increases in both the volume of data and the imperatives to secure it. At the same time, expanding data ecosystems and multicloud infrastructure are creating the need to move more data to more locations.

To address these challenges and overcome issues with human error and misconfiguration, data protection needs to become simpler to manage. Delivering effective and efficient security requires increased automation and consolidated management to cope with expanding infrastructure and scale. Organizations that put in the effort receive dual benefits: improved security posture and increased ability to meet compliance requirements. FiServ organizations have been making progress and, in some cases, are ahead of the average enterprise, but there is still much more to do.

About this study

This research is based on a global survey of 2,889 respondents, of which 140 were from financial services companies. The study was fielded in November and December 2022 via web survey with targeted populations for each country, aimed at professionals in security and IT management. In addition to criteria regarding the level of knowledge about the general topic of the survey, the screening criteria for the survey excluded those respondents who indicated an affiliation with organizations with annual revenue of less than US$100 million and with US$100 million-$250 million in selected countries. This research was conducted as an observational study and makes no causal claims.

Respondents by revenue
$100m to $249.9m: 91
$250m to $499.9m: 749
$500m to $749.9m: 796
$750m to $999.9m: 748
$1Bn to $1.49Bn: 229
$1.5Bn to $1.99Bn: 134
$2Bn or more: 142

Respondents by industry sector
Retail: 158
Manufacturing: 148
Financial services: 140
Healthcare: 139
Federal government: 125
Public sector: 122
Technology: 117
Automotive: 114
Pharmaceuticals: 108
Telecommunications: 101

Respondents by country
Australia: 110
Brazil: 100
Mexico: 106
Canada: 107
France: 257
Germany: 252
Italy: 105
Netherlands: 100
Hong Kong: 105
India: 204
Japan: 205
New Zealand: 53
Singapore: 109
UK: 260
USA: 508
Sweden: 104
UAE: 102
South K

Thales - November 2023 RMv4