Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Current State of IT Security in the Financial Services Sector

Financial services organizations are some of the most highly protected institutions in the nation, but, at the same time, are under constant attack. As a result, financial institutions have to be prepared to handle any security disaster.

Earlier this year, I joined G. Mark Hardy from SANS, Ed Dembowski from FireEye and Scott Gordon from ForeScout to discuss the results of a SANS survey on, "risk, loss and security spending in financial institutions."

The survey featured 239 respondents from varying business levels and was conducted from January through February of 2014. The security incidents that ranked in the top three included internal employee misuse (43 percent), spearfishing emails (43 percent) and malware or botnet infections (42 percent)*.

Despite organizations’ best efforts one thing is for sure: breaches are going to happen. The disturbing fact about these statistics is that two of the top three causes were the result of employee behavior; something organizations believe they should be able to control.

One of the major problems with security breaches is figuring out just how bad they really are. Only 21 percent of those surveyed could quantify losses while 50 percent could not and 29 percent didn’t know if they could. This can make it hard to receive future funding for proper security measures.

Risk for organizations concerning these breaches comes from many sides including reputation, legal, regulatory and financial. A security breach could open your company to civil and/or criminal litigation as well as increased regulatory scrutiny and fines. Your organization’s stock could also be devalued and damage done to your image and stockholder confidence.

What do I do?

Decide which security framework is right for you (PCI DSS, COBIT, NIST, FISMA, etc.). While complying with security frameworks is a good start, compliance does not equal security. Additional measures should be taken in order to keep your company safe.

If you are legally or contractually bound to report a breach then you should do it. However, keep in mind the aforementioned risks and convey those risks to your executives, as they are the ones who need to make the final decision.

* Percentages do not add up to 100 percent because respondents were allowed to select multiple answers.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security