Current State of IT Security in the Financial Services Sector
Financial services organizations are some of the most highly protected institutions in the nation, but, at the same time, are under constant attack. As a result, financial institutions have to be prepared to handle any security disaster.
Earlier this year, I joined G. Mark Hardy from SANS, Ed Dembowski from FireEye and Scott Gordon from ForeScout to discuss the results of a SANS survey on, "risk, loss and security spending in financial institutions."
The survey featured 239 respondents from varying business levels and was conducted from January through February of 2014. The security incidents that ranked in the top three included internal employee misuse (43 percent), spearfishing emails (43 percent) and malware or botnet infections (42 percent)*.
Despite organizations’ best efforts one thing is for sure: breaches are going to happen. The disturbing fact about these statistics is that two of the top three causes were the result of employee behavior; something organizations believe they should be able to control.
One of the major problems with security breaches is figuring out just how bad they really are. Only 21 percent of those surveyed could quantify losses while 50 percent could not and 29 percent didn’t know if they could. This can make it hard to receive future funding for proper security measures.
Risk for organizations concerning these breaches comes from many sides including reputation, legal, regulatory and financial. A security breach could open your company to civil and/or criminal litigation as well as increased regulatory scrutiny and fines. Your organization’s stock could also be devalued and damage done to your image and stockholder confidence.
What do I do?
Decide which security framework is right for you (PCI DSS, COBIT, NIST, FISMA, etc.). While complying with security frameworks is a good start, compliance does not equal security. Additional measures should be taken in order to keep your company safe.
If you are legally or contractually bound to report a breach then you should do it. However, keep in mind the aforementioned risks and convey those risks to your executives, as they are the ones who need to make the final decision.
* Percentages do not add up to 100 percent because respondents were allowed to select multiple answers.
Related Articles
Cybersecurity Snapshot: Strengthen Identity and Access Management Security with New CISA/NSA Best Practices
March 24, 2023Learn about a new guide packed with best practices recommendations to improve IAM systems security. Plus, cybersecurity ranks as top criteria for software buyers. Also, guess who’s also worried about ChatGPT? Oh, and do you know what a BISO is? And much more!
Open Banking Is the Future: 5 Ways to Secure Your Network
May 6, 2021The sharing of financial data across applications is changing how consumers save, manage and spend their money. Here's how financial institutions can secure the next generation of banking. Open banki...
Uncovering the Business Costs of Cyber Risk: Ponemon Study
December 12, 2018Study finds organizations are not accurately measuring the business costs of cyber risk, and are unable to quantify the damage cyber attacks could have on their businesses, leaving them without the cr...
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
Oracle April 2024 Critical Patch Update Addresses 239 CVEs
April 17, 2024Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates.
Strengthening the Nessus Software Supply Chain with SLSA
April 16, 2024You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. But sometimes we like to give you a peek behind the curtain to share how we protect our own house against cyberattacks – and that’s what this blog is about. Today we’re sharing our experience adopting the supply-chain security framework SLSA, with the hopes that the lessons we learned will be helpful to you.
- Financial Services
- Research Reports