The Green Sheet

Friday, January 31, 2020

Unsettling security breach trends revealed

A pair of new reports suggests many companies, especially financial firms, are in precarious positions when it comes to securing data. A study out of the Ponemon Institute reveals an alarming upward trend in cybersecurity threats posed by insiders. And a report from Authentic8, a Silicon Valley firm specializing in web security, uncovers a "surprising disconnect" between key compliance and data protection stakeholders within leading financial firms.

The Authentic8 report, Surprising Disconnect over Compliance and Secure Web Use at Financial Firms, is based on in-depth surveys of decision makers in IT, legal and compliance roles at financial firms. It includes this warning for executives in those roles: "restore trust and get into sync."

Surprising disconnect

"Financial firms have some of the best-funded IT departments of any industry, that's no secret," said Scott Petry, co-founder and CEO of Authentic8. "What's perplexing to me, with data breaches and privacy violations at an all-time high, is how deep the divide still runs between IT, compliance and legal professionals in many firms, according to these findings."

A report released late last year by Bitglass, a Silicon Valley-based cloud security specialist, indicated that although just 6 percent of all breaches reported in 2019 were suffered by financial services firms, those breaches accounted for more than 60 percent of all leaked records. The Authentic8 report also notes that "less accessible" IT departments are generally more aware of the risks involved with employees' online activities than are those with higher ratios of IT staff to general employee populations.

"IT departments stretched thin seem to be more acutely aware of web-borne threats and the potential impact on their organizations," Petry said. "Unfortunately, that awareness doesn't necessarily always translate into an effective prevention strategy, as the study shows." The report suggests IT departments have "tunnel vision" when it comes to identifying and protecting against risks. "The results show that firms often still rely on ineffective traditional perimeter defenses and point solutions, such as anti-virus tools, URL filtering and VPN, which in turn introduce new risks," Petry said.

Big jump in insider threats

Meanwhile, Ponemon Institute's research revealed a dramatic surge in both the frequency and average cost of cybersecurity threats posed by insiders, particularly at financial firms. The report, 2020 Cost of Insider Threats Global Report, based on a study sponsored by IBM and ObserveIT, found that the frequency of insider threats tripled, from one to 3.2 per organization, between 2016 and 2019. Ponemon defines an insider threat as one posed by a careless or negligent employee or contractor, a criminal or malicious insider, or a credential thief.

Not surprisingly, the larger an organization's headcount, the higher the costs associated with remedying insider-related incidents. The largest organizations studied – those with headcounts over 75,000 – spent an average $17.92 million last year to resolve insider-related incidents.

The three industries most affected by insider threats are financial services, general services, and technology and software, Ponemon reported. Financial services firms (which include banks, insurance, brokerage and investment management companies) are paying the highest tabs to resolve insider incidents: an average $14.05 million per organization in 2019. This compares to a $12.31 million average tab for services firms, and an average $12.30 million for tech and software firms, Ponemon found.

Ponemon's research also showed that it takes an average of more than two months to contain an insider incident. In 2019 it took an average 77 days to contain an insider incident, and just 13 percent were contained in under 30 days, Ponemon reported.

In all, Ponemon studied 4,716 breaches at just under 1,000 organizations, finding that negligent insiders were the root cause of most (63 percent). Criminal and malicious insiders were the cause of 23 percent; 14 percent were caused by imposters who had stolen credentials. Incidents involving stolen credentials also were the most expensive, and 29 percent of all thefts involved privileged users' credentials.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
