Profile
Location: London
Member since: 2011

Simon Romp


Specialist in Information Security at GFT
Posts: 8 Comments: 3
Bio: A motivated and professional consultant with a history of successful project management and delivery for many high-profile Tier 1 clients.

Career History: Worked for the last 10 years exclusively in financial services, with an in-depth understanding of Technology and Infrastructure within the sector.

Blogs

 

The real threats to digital security

03 Apr 2013

The financial services industry is increasingly reliant on multiple digital channels to facilitate business growth. While this provides significant opportunities, it also comes with increasing threats. The industry is now more vulnerable than ever before to attacks from individuals and groups with a range of motives. Large scale businesses with hi...

 

Another one slips through the DLP net...

23 Jan 2012

New York Fed contractor charged with stealing Treasury code – this story is yet another example of how organisations are failing to address the risk that ‘trusted insiders’ – in this case a contractor – can pose. In an age of terrorist hacktivists, many organisations are rightly focusing their data security efforts on securing their systems from ‘e...

 

The need for data theft deterrents

28 Nov 2011

This case is just the latest example of how “trusted insiders” can pose a risk to an organisation’s data security defences and how they continue to by-pass them altogether, only to get found out when it’s too late. It highlights that while most organisations have invested heavily in securing their systems from “external” threats, there has been pr...

 

Falling prey to the 'insider threat'

10 Aug 2011

This latest data security breach at Citi epitomises the many ways in which data can go astray. In a recently publicised case, data was stolen from Citi by external hackers. The culprits in this most recent Citi data loss are believed to be “insiders” who had privileged access to the bank’s systems. If any lesson is to be learnt from this incident...

Simon is Commenting on

Data breach notification to be mandatory for all sectors

Financial institutions must plug insider leaks

If these proposals go through, banks that do not already have a thorough data protection policy in place could be hitting the headlines more often than they would like and for the wrong reasons. What could cause even more incalculable damage to a bank's reputation is if a data security breach that becomes public knowledge was the work of an "insider".

While most banks have secured their networks from "external" threats, in the absence of thorough user auditing and control systems, there remains an immediate risk from the bank's own staff, contractors and outsourcing partners. Part of the problem is that some staff have inappropriate access to systems and sensitive data, thereby creating serious security threats. Even if all users can be limited to the systems that they need access to, there remains no guarantee that these users will act responsibly when using their access rights. This is especially true where there are inadequate levels of accountability.

At the same time as trying to prevent the loss of data, banks need to keep their business fluid and responsive as well as maintaining effective controls within a set of cost constraints. Add to that the need to respect employees' privacy rights, and financial institutions are left with a myriad of issues that they need to address. They are not the Ministry of Defence, so locking all systems and data sources down, and frisking employees as they leave the building, is not the way to go!

The plans to extend European legislation on data protection to the financial services sector should serve as an incentive for banks to review current data security policies and conduct serious risk assessments to identify where there is potential for data loss. Once these gaps have been identified, financial institutions can then take the appropriate measures to address data leakage points and avoid becoming front page news.