EMEA finance firms struggling with web fraud
F5-commissioned survey reveals companies could lose as much as AED5.69 from attacks
Financial services organisations across the EMEA region are becoming increasingly concerned about web fraud threats, with which they are frequently targeted, according to a survey released today by F5 Networks at the company's Agility customer conference.
The survey revealed that financial service companies are face significant financial and reputational hits due to malware, phishing, credential grabbing and session hijacking attacks. It said that 48% of organisations had experienced financial losses between £50,000 (AED 284,000) and £500,000 (AED 2.84m) stemming from online fraud within the last two years. Indeed, 9% of those surveyed suffered damages of more than £500,000 and 3% over £1m (AED 5.69m).
“Whether it is phishing attacks, man-in-the-middle, man-in-the-browser or other Trojan-based activities such as web injections, form hijackings, page modifications and transaction modifications, the dangers of web fraud are unavoidable and extensive for organisations of every stripe,” said Gad Elkin, EMEA security director at F5.
“More than ever before, it is vital to understand the nature of the threats and to implement solutions that eliminate attacks before they do real damage. Those that get it right will be rewarded with customer loyalty and profit. Those that don’t risk incurring the very thing that they are most concerned about: damage to their reputation.”
Over 35% of respondents claimed to have suffered fraud losses from a variety of online attacks. Malware was the main culprit (75%), followed by phishing (53%), credential grabbing (53%) and session grabbing (35%), F5 said.
When it came to defence strategies, 37% of all organisations surveyed said they preferred web fraud defence using hybrid solutions that combine on- and off-premises provision. That figure rose as high as 59% for organisations with over 5,000 employees.
Meanwhile, 55% of respondents said they have adopted multi-layer fraud prevention solutions. Endpoint embedded solutions were the most popular (62%), followed by page navigation analysis to identify suspect navigation patterns (59%), and entity link analysis of relationships between users, accounts and machines to detect criminal activity and/or misuse (59%). Solutions yielding user behavior analytics and comparison for specific channels also featured prominently (55%).
Most budget spend was allocated for web channel fraud protection (52%) and mobile fraud protection (36%), the survey added.
Elkin explained that there is now a growing appetite for solutions with clientless online fraud protection capabilities.
“Organisations are advanced in their approach to protecting the data centres, implementing multi-factor authentication and protecting applications via server-side controls. Nevertheless, many have failed to effectively secure the end-point where users interact with web applications,” he said.