Hacker
‘Simple mistakes’ putting financial firms at risk of cybersecurity breach. Reuters/Kacper Pempel/Illustration

There is a growing confidence gap between IT professionals at financial firms and their ability to meet regulatory requirements for securing unstructured data such as emails, PDFs and other business files and documents, according to an industry report.

A survey of IT professionals by technology and communications firm BlackBerry found that 65% said they were uncertain if their business protocols around collaboration and file sharing meet regulatory requirements.

One-third of the respondents reported that their organisation has employees using file-sharing applications that are not approved by IT, but thankfully only 26% reported a breach due to external attack.

Responding to its survey findings, based on detailed polling of over 200 senior IT professionals stateside, BlackBerry said they underscored the pervasiveness of internal versus external threats, and how common operational risks are.

Alex Manea, chief security officer at BlackBerry, noted: "Some of the most confidential corporate information is stored and shared in documents, spreadsheets and presentations. If you don't have an effective way to protect these files across all endpoints, both inside and outside of your network, then you have a big gap in your security strategy.

"All it takes is for one user to type the wrong name or attach the wrong files in an email exchange, and you have a potentially massive breach to clean up."

Elsewhere in the survey, over one-third of respondents reported either that their organisation has employees using file-sharing applications that are not approved by IT.

Nearly one-fifth (17%) of survey respondents reported their organisations suffered a data breach at the hands of internal bad actors. This includes disgruntled employees and others, who either obtained access to sensitive information or had access all along and simply distributed the data to unauthorised parties.

More than one-quarter of respondents indicated they had a security breach caused by a simple mistake such as the accidental sharing of sensitive files, while 18% acknowledged security breaches took place due to lost, stolen, or unsecured devices.

Inadequate separation between the employee's personal and private life is another source of worry. Respondents admitted to suffering security breaches caused by use of personal email and file-sharing accounts (20%) and use of personal software or devices for corporate business (20%).