Kaspersky: Financial institutions incur losses of about one million dollars for each security breach



The costs associated with cyber attacks targeting the financial sector are rising as enterprises face increasingly sophisticated threats. A new study by Kaspersky Lab and B2B International revealed the magnitude and impact of these attacks, noting that financial companies incur losses of about $1 million on average for each cyber attack.

This figure was revealed in a survey entitled "Security Risks for Financial Institutions 2016", which polled a number of financial professionals to highlight the major security challenges faced by banks and financial institutions around the world and the costs incurred from specific cyber attacks.

One of the most costly security breaches for financial institutions is the exploitation of undetected security vulnerabilities in POS systems, which costs an enterprise more than $2 million. Targeted attacks on mobile devices are the second most costly, at more than $1.641 million, followed by attacks targeting $1.3 million.

Compliance is the driving force behind increased investment in IT security among banks and financial institutions. However, the study found that 63% of companies believe that achieving compliance alone is not enough to keep them safe from cyber attacks. Another important reason for spending more on security is the growing sophistication and complexity of infrastructure. For example, a typical financial firm uses a virtual desktop infrastructure (VDI) and manages about 10,000 end-user devices, about half of which are smartphones and tablets.

According to the study, inadequate internal expertise, lack of senior management guidance and wide scope of work are also among the main reasons for the increased budget. In general, investment in cyber security seems to be imperative today for most financial companies, with 83% expecting to increase their IT security budgets.

"Given the huge financial losses caused by cyber attacks, it is no surprise that financial institutions are seeking to increase their spending on security platforms," said Veniamin Levtsov, vice president of commercial projects at Kaspersky Lab. "We believe that the successful security strategies of financial institutions lie in a more balanced approach to resource allocation rather than simply spending on compliance, as well as investing more in providing more advanced targeted attack prevention systems, paying greater attention to personal security awareness and better insights into sector-specific threats."

The study shows that financial institutions seek to address the security challenges by obtaining more threat intelligence and security audits, and 73% of the surveyed sample recognized the effectiveness and feasibility of this procedure. However, there are institutions in the financial sector that are less inclined to use third-party security services, with only 53% of respondents saying this approach is effective and feasible.

Kaspersky Lab experts recommend five key guidelines that financial institutions should integrate into their security strategies in 2017.

1. Be wary of targeted attacks

Attacks on financial institutions are likely to be carried out through third parties or contractors. These companies are often poorly or incompletely protected, and are therefore used by cybercriminals as a gateway, either through malicious software or through a phishing attempt.

2. Do not underestimate less sophisticated threats

Fraudsters may resort to mass attacks to gain as much as possible using the simplest tools. Social engineering is likely to cause 75% of phishing attacks, while 17% of attacks are due to malware.

3. Do not prioritize compliance over protection

Budgets are usually allocated to compliance, but enhancing security and introducing new protection techniques requires a more balanced approach to resource allocation.

4. Conduct penetration tests regularly

Unseen security loopholes are real and cannot be ignored. Applying advanced detection tools and penetration tests will reveal those vulnerabilities. Ensure that all gaps and potential threats are monitored in a timely manner.

5. Pay attention to threats from staff

Some employees are likely to be exploited by cybercriminals, or they may turn into attackers themselves. Thus, a security strategy should go beyond the standard protection criteria to include techniques that help detect suspicious activity within the organization.