FSA takeovers report critical of IT security
By Miya Knights
The Financial Services Authority (FSA) has heavily criticised the financial services industry for weaknesses it found in information security controls.
The criticisms were published as part of the results of its review of controls over inside information in relation to public takeovers or mergers and acquisitions (M&A) activity.
The review identified a number of areas where both regulated and non-regulated firms need to improve controls over the security of inside information.
These include addressing complacency about the effectiveness of their own internal procedures to prevent data leakages; more widespread use of formal policies, enabling internal reviews to investigate possible leaks of inside information; the application of more rigorous criteria for selecting insiders on deals; and improved access controls around IT systems holding inside information.
It said: "Many firms could improve aspects of their IT controls to limit access to inside information. Some firms were careful in limiting the number of people made official insiders but had not considered the implications of open access IT systems, meaning that non insiders could also, theoretically, access inside information."
The review also helped the FSA identify factors that could contribute to the different types of leaks that may occur around public takeovers, including accidental leaks, where staff may have inadvertently allowed information to escape into the public domain; intentional leaks to the media for strategic positioning; and intentional leaks for market misconduct purposes.
Sally Dewar, director of markets for the FSA, said eliminating security weaknesses within financial services organisations was key to reducing incidents of abuse. "We have identified a number of areas where firms could improve their handling of inside information to help reduce the level of leakage," she said.
These include better identity and access management for data, applications and devices, including databases, PCs and mobile devices, as well as more robust policy and procedural development, with the introduction of compliance functions and the use of ethical hackers. It also advocated the use of encryption and network technologies, such as virtual private networks (VPNs), to further protect access to data.
Dewar said the FSA will now work with the industry to develop a Statement of Good Practice to assist non-regulated firms who participate in the M&A sector in demonstrating high standards and robust controls for handling inside information.