Attacks Against Financial Services Double
Already under the regulatory gun, financial services firms have seen attacks against their IT infrastructures double in the last year.
For the world’s leading financial firms, outsider attacks have more than doubled in the past year.
While 39 percent of firms reported systems had been compromised in 2003, that number spiked to 83 percent this year. Two in five respondents also sustained financial losses from the attacks. At the same time, a quarter of respondents report stagnant budgets, and for 10 percent, budgets declined.
Those results come from face-to-face interviews conducted by consulting firm Deloitte & Touche with 100 senior security officers at some of the world’s largest financial organizations, including 31 of the top 100 global financial institutions (as ranked by 2002 assets). Deloitte & Touche discussed the findings in its report, "2004 Global Security Survey."
“Financial institutions are fighting an ongoing battle to combat and mitigate ever-increasing security threats and attacks, and privacy violations, as well as comply with the increasingly stringent regulatory environment,” notes Ted DeZabala, a principal in Deloitte & Touche’s Enterprise Risk Services Group. In particular, “institutions are under increased pressure to deliver a secure environment while also providing greater consumer access … a very fine balance.”
In particular, pressure comes from the financial industry having to comply with a variety of regulations, including Gramm-Leach-Bliley. Evidently, organizations are feeling the heat; two-thirds report having a privacy management program, up from just over half last year. Almost 70 percent of security officers also say the security program has the strong support needed from senior management to continue meeting regulatory requirements.
With attacks doubling, firms are hard pressed to defend themselves. Yet not all blame is external. According to the survey, one-third of respondents also say their in-use security technologies aren’t being used to their fullest power.
Strangely, the number of firms reporting fully deployed antivirus dropped from 96 percent last year to 87 percent this year. Nevertheless, over 70 percent of respondents think worms and viruses are the biggest security threat they’ll face within the next year.
Contrast antivirus use with a 76 percent deployment of intrusion detection/prevention systems. Over half of organizations also report having deployed access management, defined security standards, and privacy statements, and over half also have security policies relating to wireless usage.
Another surprise: Despite the financial industry’s reputation for being on the bleeding edge of security technology, only nine percent of organizations perceive themselves as “willing to take the risk with being an early adopter,” notes the report.
Beyond technology investments, some organizations are already rethinking the role of security, with 1 in 10 reporting that senior management has begun exploring ways in which security can become a business enabler. There’s work to be done, however, with just one quarter of security officers saying their organization’s strategic and security initiatives are aligned.
Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.