The WannaCry ransomware attack that broke out May 12 attacked hundreds of thousands of Windows XP computers and tens of thousands of organizations spanning more than 150 countries. It provided a wake-up call about the vulnerability of organizations and the potential worldwide scope of cyberattacks.
Beyond the regulatory and reputation nightmare, the global cost of cybercrime is staggering. It’s reported that it will reach $2 trillion within two years. Because of the compliance and regulatory requirements of both the financial services and healthcare industries, the cost per breach is in fact expected to be higher than for almost any other industry group.
Even more frightening is the fact that the financial services industry is a top target for cyberattackers. The recent Verizon security report shows that almost one-quarter of data breaches affect financial organizations, with 88% of these occurring through web application attacks and denial of service attacks, as well as payment card skimmers.
Build Resilience Into Your Infrastructure
Recently, Accenture worked jointly with Oracle to provide a roadmap for strengthening business resilience and ensuring business continuity in the face of these ever-greater threats.
A key point is that you can mitigate data security risk better by building in security that prevents data breaches in the first place, rather than reacting to an event. Even if you can repel an attack, system performance will degrade while under attack—slowing operations and reducing staff productivity.
Network security alone simply won’t do the job. You need to build in security throughout your infrastructure, right to the core.
Are you wondering if your financial services business adequately protects sensitive customer data? Here are some questions you need to ask:
· Do the IT policies adhere to industry standards with regard to database security?
· What measures are in place to protect from unauthorized access or misuse by privileged users?
· What measures are in place to protect from data corruption, and unrecoverable and intentional damage to data?
To ensure Oracle database security, Accenture takes a full-lifecycle approach based on four pillars. Let’s look at each:
Data Security Pillar #1: Discovery
In the discovery phase of the process, you begin by getting an assessment of where your systems are today. This includes an audit of your database architecture and past events; analysis and confirmation of vulnerabilities in critical areas like user access, application security, and patch validations; and then a summary of the findings with recommendations.
Data Security Pillar #2: Engineering a Solution
The next step is to engineer a solution based on your specific business requirements. This should include a security and compliance model; an intrusion detection system; integration of third-party applications; and Oracle Advanced Security solutions that include encryption, masking and redaction, and compliant identity management solutions. Because Oracle Engineered Systems are completely integrated and optimized through every layer of the stack, the data security is already built in.
Data Security Pillar #3: Implementation
Once the solution is developed, it’s time to implement it. But implementing a new solution is not only tedious, it can introduce its own security risks as well. Sourcing individual components of a new database solution and working with the networking and storage team to install, configure, and patch can be overwhelmingly complex and time-consuming. In addition, taking systems offline for a long period of time could leave you unnecessarily exposed.
Oracle Exadata, Oracle's flagship Engineered System, is an all-in-one database platform. Because servers, networking, and storage are all preconfigured, pretuned, and ready to deploy, you can deploy in a matter of days versus weeks or even months. Because of the massive consolidation ratio, applying a pretested quarterly patch to a few Exadata machines is faster and much easier than having to dedicate resources to patch several disparate machines and ensure compatibility after each update. You're also reducing your attack surface. A smooth implementation is a great indicator of how your security measures will fare in the future.
Data Security Pillar #4: Education
Continued training, workshops, and educational materials can help ensure data security doesn’t stop once systems and processes are implemented. Building resilience into your organization extends much further than just hardware. Teaching employees, new and old, how to protect their passwords, avoid phishing scams, and develop good workplace habits, such as locking their computer when they step away to go to the bathroom, is an important measure in ensuring data security across the entire organization.
How a Major Bank Realized Better Data Security and Performance With Engineered Systems
Oracle Engineered Systems are co-engineered with the Oracle Database team to deliver unique security enhancements and stronger end-to-end security for the entire stack. For Chinae Savings Bank of South Korea, security like that is paramount. With a network of 14 bank branches and internet and mobile banking services, Chinae needed to strengthen security for customers’ personal information, such as bank account details and home address, and prevent malicious attacks and data breaches to ensure compliance with stringent Korean Personal Information Protection Act requirements. By combining Oracle Advanced Security, Oracle Exadata Database Machine, and Oracle Exadata Storage Servers, Chinae experienced the following results:
· Minimizing exposure of sensitive customer information during online transactions and keeping unauthorized users from accessing sensitive information improved data security.
· Data encryption and redaction capabilities ensured the bank’s compliance with South Korea’s regulatory requirements.
· Data redaction directly into the database operation system increased security without affecting system response time and CPU utilization rate.
· The "smart" Exadata Storage Servers allowed credit-related transactions to be processed 3x faster than before, at 660 transactions per second.
· Exadata's "out-of-the-box" pre-tested, pre-configured platform allowed the new retail banking platform to be deployed in just 5 months. It also accelerated data transfer between Chinae Savings’ core banking and information system and the external system for Korea Federation of Savings Bank from 20 hours to just four hours, a 5x improvement.
Chinae not only improved data security but also improved the performance of its risk analysis and credit management by enabling bank employees to rapidly access customer credit data, such as loan amount and credit rating, and ensure timely updates to the account and customer information management systems.
You don’t have to sacrifice performance for data security. By engineering security into your infrastructure from the start, you can get the best of both worlds and avoid becoming a statistic on the growing data breach-shaming list. Learn more about the four pillars of data security in the report published by Accenture and Oracle, "Digital Trust: Securing Data at Its Core" and how Oracle Engineered Systems can help you enhance your financial data security.