When it comes to trust in business, a second chance is not always granted. Our clients need to focus on an up-to-date holistic security approach. Update your tools.
What do big brands such as Marriott, British Airways, HSBC, Uber, Dixons Carphone and recently Mumsnet have in common? It is that data security failures tattered their brand reputation and finances. Patching up a breach seems to be a regular occurrence in these cases but the reputational damage lasts much longer. Can we really not do better than that?
In a hyperconnected world, the financial and reputational consequences can go viral and global in an instant and this is a risk that can be avoided. For companies in the world of finance this is especially important – can you imagine the loss of trust that would result, the loss of trust that would impact your relationship with your traders?
Data security breaches are seen as the number one risk when doing business in Europe, Asia and North America – markets that account for 50% of global GDP – and it seems that this nightmare came true for some of the world’s biggest businesses in the last 12 months, obviously targeted because they have the most data to steal.
In the case of a data leak event, timing is extremely important and can challenge companies, especially the Big 50s as they usually have decision making processes to match their size along with elephantine procedures. After May 25, 2018, the European Union General Data Protection Regulation (GDPR) came into effect, meaning that companies have just 72 hours to admit to an attack or face finance-devastating fines.
2018 was an annus horribilis for many companies. British Airways had the details of around 380,000 airline bookings compromised, exposing names, addresses and credit card data. Their own description of this as “an urgent case” was possibly an understatement. A plethora of excuses and promises followed. The same year in October, HSBC suffered a serious data breach where account numbers and balances, statement and transaction histories and payee details, as well as user’s names, addresses and dates of birth were violated.
Don’t be too confident: know your infrastructure
Businesses need to strengthen information security and resilience in order to maintain confidence (their own and that of their stakeholders) in the market. Organisations that adopt security hygiene methods and regular self-analysis can develop resilience and incident response plans and employ the right mix of people and processes for dealing with the various threat scenarios and attacks or, at least, minimize their damage and impact.
Surprisingly, a lot of companies around the world think they are safe. Are they right? It’s often difficult to tell the difference between a company that invests heavily in information security and one that doesn’t. Often, not even those responsible for security or the IT staff know that they are not safe until the company faces a breach, but that’s obviously too late. Big companies need to develop something like a fire-response approach to information security breach events. It means not only training, but also running simulations, and a plan that connects IT, public relations and customer service, who may all need to address the situation.
Public trust needs to be preserved as you may be able to fix the data system relatively quickly, but the damage to your reputation may not be so easy or quick to repair.
An old infrastructure: relentless updating
If you look deeper, you can see that the data infrastructure we are all using is actually obsolete: built on methods that were created during the last century. We have merged the physical and online realms to produce the Internet of Things, Artificial Intelligence and a mass digitalisation of supply chains. A next-generation of security and a consequent new approach is needed.
In 2019, just after a year of massive data security failures that smacked many giants hard in their corporate faces, organisations need to be proactive instead than reactive: it’s imperative.
Security is at the heart of everything we do at MTP. Our specialists can help your company review its preparedness and, in conjunction with ethical hackers and penetration testers, ensure that your trading systems, upstream connections, APIs and trading front ends are ready for prime time.
Contact MTP today by email or phone +44 20 7175 0687 and get secure Trading Apps for iOS, widgets, advanced charting and stable market data analysis with a global service delivery platforms.