Breaking the banks

Financial service institutions are increasing their focus on security, but pressure from motivated attackers is on the rise, according to a global IT security survey.

By Eliot Beer, Published June 25, 2006

The vast majority of financial bodies have experienced an IT security breach in the last 12 months, with 85% of organisations in EMEA being compromised, according to a survey by Deloitte Touche Tohmatsu of financial service institutions (FSIs) around the world.

“There continues to be an exponential increase in the sophistication of threats and their potential impact across an organisation,” said the survey’s authors. “When asked to rate the intensity of perceived threats over the next 12 months, 53% of respondents chose phishing and pharming while 51% chose viruses, spyware, Trojans and worms.”

DTT’s survey showed that an average 82% of FSIs globally were breached in the last year; 72% of those compromised said the attack cost them more than US$1 million. Most breaches (78%) resulted from an external attack, although almost half of respondents said they had suffered both internal and external attacks.

Information security is also becoming increasingly important to FSIs, but still represents a small proportion of overall IT budgets. The survey, which was released last month, revealed 95% of FSIs increased their IT security budgets from last year, but almost 50% of respondents from Europe, the Middle East and Africa said security made up only 1%-3% of their IT spending; no organisations from EMEA spent more than 10% on security.

In some areas the survey’s findings suggested an inconsistent approach to security; while 71% of organisations surveyed have an information security governance framework – with a further 15% having a draft version – only 24% had begun to combine information and physical security roles, and 7% said they will tackle the issue of convergence within the next two years.

The survey also revealed significant numbers of FSIs around the world do not measure their security effectiveness: “While virtually all financial institutions would want to be considered ‘world class’ when it comes to managing information security risk, most would have great difficulty living up to such a claim.

“According to the survey, the challenge lies with the fact that many financial institutions still do not measure the effectiveness of their information security controls – and one cannot prove what one does not measure.”

Another major concern highlighted by the DTT survey was identity theft – 58% of FSIs will focus on it and account fraud as priorities in the coming year. Organisations are having to face up to data leakage, with 18% experiencing some loss of sensitive data.

“Organisations… have to recognise that identity theft is not just about the technology. Low-tech forms consist of laptop, mobile device theft or social engineering techniques, such as posing as a call-centre employee or sending a fake email to obtain personal identifying information. Often the security of information is compromised by human behaviour, whereby individuals who have been entrusted with managing personal information lack adequate security qualifications,” said the survey.

The survey covered 31% of the top 100 global financial institutions by market value, 34% of the top 100 global banks, ranked by 2005 tier-one capital, and 16% of the top 50 global insurance companies by market value. 35% of respondents were from EMEA, with North America making up the second largest block at 29%. 74% of institutions surveyed were banks, with around 62% of respondents having less than $5 billion in annual revenue.

The survey is available here.
