INDEPENDENT NEWS

Professional Hackers Target World Finance

By: Deloitte
Published: Wed 19 Jul 2006 11:04 AM
Media release
19 July 2006
Professional Hackers and Organised Crime Target World’s Largest Financial Institutions
The world’s largest financial institutions experienced a surge in the number of security attacks over the past year, specifically from external sources. More than three-quarters (78%, up from 26% in 2005) of respondents confirmed a security breach from outside the organization and almost half (49%, up from 35% in 2005) experienced at least one internal breach. These findings are drawn from the 2006 Deloitte Global Security Survey.
The fourth annual survey consisted of interviews with senior security officers from the world’s top global financial institutions and acts as a global benchmark for the state of IT security and privacy in the financial services sector.
Among the top three most common attacks the global financial industries experienced over the past 12 months, both externally and internally, were originated to extort some form of monetary gain. Phishing and pharming were attributed for more than half (51%) of external attacks, followed by spyware/malware utilization (48%). Insider fraud (28%) and leakage of customer data (18%) were cited by respondents among the top three most common internal breaches.
“The extent and nature of these security breaches signal a new reality for the global financial industry. Execution and exploitation of these attacks require significant resources and coordination, which implies professional hackers and organised crime have entered the domain once ruled by ‘script kiddies’ and one-off hackers,” says Rodger Murphy Deloitte’s New Zealand leader of IT Risk Management & Security Services.
“This trend shift means organisations not only face more sophisticated and hard to track attacks, but are also challenged by increased risk and potential loss. Financial institutions should take these factors into account in their overall security strategy.”
The shift to a more sinister criminal profile of online attackers and the potential risk they represent did not go unnoticed by the financial services sector, with evidence that they have started taking steps to fend-off these threats. This year, identity theft and account fraud (58%), along with identity & access management (41%), made their way into the top five security initiatives for 2006. Another indication of the financial industry’s fast response to current events and emerging threats is the presence of disaster recovery and business continuity (49%) among the top five security initiatives. The importance of a business continuity plan, following the recent string of natural disasters around the globe, is reflected by the impressive proportion of organisations 88% that confirmed having an enterprise-wide business continuity management program in place.
“Deloitte’s survey shows that financial institutions are attentive to the fast-paced and changing security environment. They are shifting priorities and starting to take necessary measures to mitigate the various security risks and challenges,” adds Rodger Murphy.
“While it is only natural to shift focus to the most imminent, emerging threats, organisations should avoid being blindsided and must strive to maintain a balanced, more holistic approach to their security operations and initiatives.”
Interestingly, security awareness and training is one of the initiatives that dropped off the top five list from the previous survey. While 96% of respondents were concerned about employee misconduct involving IT systems, only a third (34%) have provided their staff with some form of information security and privacy training over the past year. The most common medium financial institutions use for security training and awareness are web page alerts and emails (63%). Other, perhaps more effective methods, such as orientation training (35%) and recognition of exemplary behaviour (9%), ranked low in utilization.
Additional key findings of the survey:
- 95% of participants indicated their information security budget grew over the past year. Logical access control products topped the list of security budget spending (76% of respondents).
- Almost three-quarters (72%) of financial institutions who experienced security breaches indicated the estimated amount of damage for the organisation, including direct and indirect costs, was in the range of $1 million (U.S.).
- This year, 71% of respondents indicate that they have a defined information security governance structure (e.g. defined responsibilities, policies and procedures) while 24% are in the process of establishing one.
- The number of financial institutions who have formulated an information security strategy has declined to 61% while another 21% indicate that they are in the process of formulating or refreshing one for their organisation.
- Two-thirds (65%) of respondents confirmed having a program to manage privacy, down by 3% from last year.
Regional Highlights
Asia Pacific excluding Japan (APAC): APAC was among the leading regions in the implementation of enterprise-wide business continuity management programs and managing privacy compliance (92% and 85%, respectively), likely as a result of the recent natural disasters that have struck the region. However, in other areas of information security, such as appointing a CISO (23%) and possessing a security strategy (33%), the region is lagging behind the rest of the world. Furthermore, all respondents from the APAC region confirm encountering at least one information security breach over the past year.
ENDS

Next in Business, Science, and Tech

Business Canterbury Urges Council To Cut Costs, Not Ambition For City
By: Business Canterbury
The Business Canterbury submission addresses concerns over a 'rates hump' and the need for the Council to maintain affordability while managing cost pressures.
Wellington Airport On Track For Net Zero Emissions By 2028
By: Wellington Airport Limited
This progress is a highlight of the airport’s annual Kaitiakitanga report released today, outlining efforts to support the environment, people and communities.
ANZAC Gall Fly Release Promises Natural Solution To Weed Threat
By: Landcare Research
A Kiwi-Australian collaboration with a difference is underway this ANZAC Day week on Bikini Atoll in the Marshall Islands.
Auckland Rat Lovers Unite!
By: NZ Anti-Vivisection Society
On World Day for Animals in Labs, NZAVS is launching a new program to rehome rats bred or used for science with the University of Auckland.
$1.35 Million Grant To Study Lion-like Jumping Spiders
By: University of Canterbury
A University of Canterbury animal behaviour expert is part of a global team launching pioneering research into the predatory behaviour of jumping spiders.
Government Ends War On Farming
By: Federated Farmers
The changes to unworkable and expensive regulations mark the end of the war on farming, says Colin Hurst from Federated Farmers. Federated Farmers strongly believe that winter grazing, stock exclusion and on-farm biodiversity can be better managed through ...
View as: DESKTOP | MOBILE
Scoop Contact About Services Newsagent Login
Connect Submit News Social Media Scoop Network
Ethical Paywall Accredited Orgs. Licensing Terms of Use
© Scoop Media