Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 


Professional Hackers Target World Finance

Media release
19 July 2006

Professional Hackers and Organised Crime Target World’s Largest Financial Institutions

The world’s largest financial institutions experienced a surge in the number of security attacks over the past year, specifically from external sources. More than three-quarters (78%, up from 26% in 2005) of respondents confirmed a security breach from outside the organization and almost half (49%, up from 35% in 2005) experienced at least one internal breach. These findings are drawn from the 2006 Deloitte Global Security Survey.

The fourth annual survey consisted of interviews with senior security officers from the world’s top global financial institutions and acts as a global benchmark for the state of IT security and privacy in the financial services sector.

Among the top three most common attacks the global financial industries experienced over the past 12 months, both externally and internally, were originated to extort some form of monetary gain. Phishing and pharming were attributed for more than half (51%) of external attacks, followed by spyware/malware utilization (48%). Insider fraud (28%) and leakage of customer data (18%) were cited by respondents among the top three most common internal breaches.

“The extent and nature of these security breaches signal a new reality for the global financial industry. Execution and exploitation of these attacks require significant resources and coordination, which implies professional hackers and organised crime have entered the domain once ruled by ‘script kiddies’ and one-off hackers,” says Rodger Murphy Deloitte’s New Zealand leader of IT Risk Management & Security Services.

“This trend shift means organisations not only face more sophisticated and hard to track attacks, but are also challenged by increased risk and potential loss. Financial institutions should take these factors into account in their overall security strategy.”

The shift to a more sinister criminal profile of online attackers and the potential risk they represent did not go unnoticed by the financial services sector, with evidence that they have started taking steps to fend-off these threats. This year, identity theft and account fraud (58%), along with identity & access management (41%), made their way into the top five security initiatives for 2006. Another indication of the financial industry’s fast response to current events and emerging threats is the presence of disaster recovery and business continuity (49%) among the top five security initiatives. The importance of a business continuity plan, following the recent string of natural disasters around the globe, is reflected by the impressive proportion of organisations 88% that confirmed having an enterprise-wide business continuity management program in place.

“Deloitte’s survey shows that financial institutions are attentive to the fast-paced and changing security environment. They are shifting priorities and starting to take necessary measures to mitigate the various security risks and challenges,” adds Rodger Murphy.

“While it is only natural to shift focus to the most imminent, emerging threats, organisations should avoid being blindsided and must strive to maintain a balanced, more holistic approach to their security operations and initiatives.”

Interestingly, security awareness and training is one of the initiatives that dropped off the top five list from the previous survey. While 96% of respondents were concerned about employee misconduct involving IT systems, only a third (34%) have provided their staff with some form of information security and privacy training over the past year. The most common medium financial institutions use for security training and awareness are web page alerts and emails (63%). Other, perhaps more effective methods, such as orientation training (35%) and recognition of exemplary behaviour (9%), ranked low in utilization.


Additional key findings of the survey:

- 95% of participants indicated their information security budget grew over the past year. Logical access control products topped the list of security budget spending (76% of respondents).
- Almost three-quarters (72%) of financial institutions who experienced security breaches indicated the estimated amount of damage for the organisation, including direct and indirect costs, was in the range of $1 million (U.S.).
- This year, 71% of respondents indicate that they have a defined information security governance structure (e.g. defined responsibilities, policies and procedures) while 24% are in the process of establishing one.
- The number of financial institutions who have formulated an information security strategy has declined to 61% while another 21% indicate that they are in the process of formulating or refreshing one for their organisation.
- Two-thirds (65%) of respondents confirmed having a program to manage privacy, down by 3% from last year.


Regional Highlights

Asia Pacific excluding Japan (APAC): APAC was among the leading regions in the implementation of enterprise-wide business continuity management programs and managing privacy compliance (92% and 85%, respectively), likely as a result of the recent natural disasters that have struck the region. However, in other areas of information security, such as appointing a CISO (23%) and possessing a security strategy (33%), the region is lagging behind the rest of the world. Furthermore, all respondents from the APAC region confirm encountering at least one information security breach over the past year.

ENDS

© Scoop Media

 
 
 
 
 
Business Headlines | Sci-Tech Headlines

 

Onetai Station: Overseas Investment Office Puts Ceol & Muir On Notice

The Overseas Investment Office (OIO) has issued a formal warning to Ceol & Muir and its owners, Argentinian brothers Rafael and Federico Grozovsky, for failing to provide complete and accurate information when they applied to buy Onetai Station in 2013. More>>

ALSO:

Tomorrow, The UN: Feds President Takes Reins At World Farming Body

Federated Farmers president Dr William Rolleston has been appointed acting president of the World Farmers’ Organisation (WFO) at a meeting in Geneva overnight. More>>

ALSO:

I Sing The Highway Electric: Charge Net NZ To Connect New Zealand

BMW is turning Middle Earth electric after today announcing a substantial contribution to the charging network Charge Net NZ. This landmark partnership will enable Kiwis to drive their electric vehicles (EVs) right across New Zealand through the installation of a fast charging highway stretching from Kaitaia to Invercargill. More>>

ALSO:

Watch This Space: Mahia Rocket Lab Launch Site Officially Opened

Economic Development Minster Steven Joyce today opened New Zealand’s first orbital launch site, Rocket Lab Launch Complex 1, on the Mahia Peninsula on the North Island’s east coast. More>>

Earlier:

Marketing Rocks!
Ig Nobel Award Winners Assess The Personality Of Rocks

A Massey University marketing lecturer has received the 2016 Ig Nobel Prize for economics for a research project that asked university students to describe the “brand personalities” of three rocks. More>>

ALSO:

Nurofen Promotion: Reckitt Benckiser To Plead Guilty To Misleading Ads

Reckitt Benckiser (New Zealand) intends to plead guilty to charges of misleading consumers over the way it promoted a range of Nurofen products, the Commerce Commission says. More>>

ALSO:

Get More From Scoop

 
 
 
 
 
 
 
 
 
Business
Search Scoop  
 
 
Powered by Vodafone
NZ independent news