Safeguarding account data for 5 million customers in order to maintain brand reputation
Deploy data loss prevention (DLP) to provide detailed visibility into how 12,000 employees access and interact with sensitive information
Incident detection implemented in just 2 days
Eliminated need for employees to handle pre-audit document reviews, optimizing staff resources
Reduced false positives and faster incident response times
More than a 10-year partnership
Turkey’s economic growth and a steadily increasing population have created increased demand for personal banking services. In this highly competitive environment, the bank has become one of the country’s five largest financial institutions by delivering on its mission of productive stakeholder partnerships and customer satisfaction. Management knows that the bank’s reputation is everything, and a violation of customer data—and customer trust—would be catastrophic.
As organizations grow and expand, so do vulnerabilities. And financial institutions continue to be prime cyber targets. The potential for damage was real enough to keep this bank’s Security Incident Management leader up at night. “The most important thing that we are trying to protect is our reputation, which is priceless for us,” he said.
The business hinges on protecting the bank’s more than five million customer account numbers, credit card data, and security tokens from inbound attacks like advanced persistent threats, malware, and phishing emails.
But it wasn’t just inbound threats that the Security Incident Management leader worried about. He was increasingly aware of inside threats and their potential damage—whether through accidental or malicious actions. A McKinsey & Company examination of the VERIS Community Database, for example, showed that about half of publicly reported breaches from 2012-2017 had a “substantial insider component.”1 Internal employees, often unwittingly, are a weak link in the system.
“Upper management are very happy about this high level of quality from Forcepoint.”
Security Incident Management Leader
Regardless of the source, a successful data breach can have widespread effects that could not only negatively impact its depositors and financial partners, but also severely damage—if not destroy—the bank’s brand.
That’s why the bank sought to implement additional measures into its security stack. To keep up with an ever-growing number of potential inbound and outbound vulnerabilities, it needed a powerful but versatile security solution to guard against data leakage without disrupting the organization. Which is why the bank turned to Forcepoint.
Up and running in two days, with no additional servers
Installation and product configuration can be a very complex process with competitor software, but the bank found Forcepoint’s process seamless. With the support of Forcepoint engineers, it was able to install Forcepoint Data Loss Prevention (DLP) in just two days.
“Forcepoint’s deployment was much more streamlined than its competitors’. We didn’t need to add servers to deploy its security solutions, while others would have required us to add as many as 12 servers,” said the Security Incident Management leader. “One Forcepoint engineer came in and, after two days, everything was ready and we were detecting all incidents on my screen—which was unbelievable. This, coupled with the expertise and exceptional support from the Forcepoint engineers, made the decision to go with Forcepoint very simple for us.”
After deploying Forcepoint DLP, the bank was able to achieve a more detailed, comprehensive look at how its more than 12,000 employees— across retail branches, operations, and corporate headquarters—access and interact with sensitive information. Becoming more attuned to how people and data interact enabled the bank to better address both inbound and outbound data vulnerabilities.
Becoming one of the world’s 50 safest banks
The bank saw results right away, from improved insider threat controls to significant reductions in the resources required to maintain an effective data security program.
The bank was able to identify risky users much faster, with drastically reduced false positives. And data fingerprinting capabilities mean that the security leader and his team can follow their data even when user devices are off-network. All these features and more allow the security team to be more attentive to potential issues, understand what’s really important, and respond more quickly.
“We had an issue with an employee. He was trying to gain access to some customer data but was prevented from doing so using Forcepoint DLP,” recounted the company’s security leader. “I wasn’t expecting Forcepoint to detect such a detailed test but it did. Upper management are very happy about this high level of quality.” The bank has since been ranked as one of the top 50 safest banks in the world by Global Finance.
The bank was also able to cut costs by optimizing staff resources. Its security lead says, “Before Forcepoint, we had four employees who were devoted to reviewing highly secure documents before they were sent to auditing companies. Now Forcepoint does the reviewing for us.” He has also found management of Forcepoint’s solution to be easy—everything is tuned from just one interface.
Incident response times shrink from days to hours
Forcepoint’s long-term partnership with the bank actively supports its security journey with regular check-ins regarding organizational needs and product performance health.
Over the last 10-plus years, the bank has come to see Forcepoint as a trusted partner in its security journey, including the development of a connection between each company’s C-level leadership, with senior leaders calling each other directly to discuss security challenges.
In preparing for the next step of its security journey, the bank is currently working with Forcepoint on a proof of concept for Behavioral Analytics. This solution can integrate with DLP to use Forcepoint’s deep understanding of human behavior and intent to enable greater automation and faster incident response times—from days down to hours.
A proactive and humanly attuned approach dramatically improved the bank’s protection of critical data. The organization is confident in its ability to secure its customers within a trusted environment—which gives its security leader the greatest reward of all:
“I sleep better at night knowing that our data is secure with Forcepoint.”
Security Incident Management Leader