While 93 percent of financial institutions claim online fraud prevention is a high priority, most have only baseline IT security tools, the top five being an internal firewall, gateway anti-virus/malware, gateway firewall, intrusion detection/prevention and security management systems. Not exactly the type of protection that would make a tech/security-savvy customer sleep well at night.
Sponsored by ThreatMetrix and conducted by Info-Tech Research Group, a 28,000-member global leader in providing tactical information technology research and analysis, the ThreatMetrix 2012 State of Cybercrime study surveyed US retail and financial business managers and IT executives on their level of cybersecurity planning and fraud prevention solutions.
The survey showed that while managers and executives consider security a high priority, the level of security actually in place falls short of what’s needed and what FFIEC (Federal Financial Institutions Examination Council) regulations will call for by 2014.
“Fraudsters go where the money is, making financial institutions a prime target for cybercriminals,” offers Andreas Baumhof, chief technology officer, ThreatMetrix. “As more transactions move online, company and customer data at financial institutions are put at high risk of being compromised. Baseline cybersecurity is not effective enough to ward off fraudsters – financial institutions need an integrated device identification and malware protection solution in place to protect themselves and their customers.”
As malware and Trojan attacks continue to rise, financial institutions are increasingly looking to bolster their defenses. The study shows that by 2014, all financial service organizations will implement IT security systems per the FFIEC, which in 2011 called for a layered security approach and identified two key techniques for financial institutions to maintain effective fraud controls – complex device identification and the ability to detect emerging malware threats.
One notable finding of the study was that almost a quarter of financial institutions ignored the old saying, “once bitten, twice shy.” Only 22 percent made significant changes to IT security systems and policies following an attack, and 23 percent indicated the organization continued operations as usual.
“Financial institutions should not take cyberattacks lightly,” adds Baumhof. “Just because they have already been attacked does not mean it won’t happen again. Once a weak link is exposed, fraudsters will come back for more. Therefore, financial services must always put stringent cybersecurity policies in place before fraudsters even have the opportunity to attack.”
For more information on this study, download the full report at http://info.threatmetrix.com/ThreatMetrix_Security_Online_Fraud_Prevention.html