You may think that the threat of an electronic attack on your business is receding; you’d be wrong. Attackers are just getting smarter. Today’s global economy has streamlined commerce for both corporations and consumers, and financial systems are readily accessible worldwide.
Organizations in the finance and insurance industry face some unique challenges with regard to information protection. While not immune to routine opportunistic attacks by miscreants who continually scour the Internet for easy pickings, their status as a high-value target means they attract significantly more directed and tenacious criminal attention.
Verizon’s 2014 Data Breach Investigations Report (DBIR) identified the attack threat patterns specific to each industry, and is opening up a more focused and effective approach to fighting the cybercriminal. Importantly this research finds that on average, just three threat patterns covered 72 percent of the security incidents in any industry.
So my question to the financial industry is –do you know which three attack patterns impact your industry the most?
Just three of the nine threat patterns covered 75 percent of security incidents experienced by financial services organizations. These are:
Web application (web app) attacks – found in 27 percent of analyzed incidents
For example – where attackers use stolen credentials or exploit vulnerabilities in web applications — such as content management systems (CMS) or e-commerce platforms.
Denial of service (DOS) – found in 26 percent of analyzed incidents
DOS attacks use armies of “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt.
Skimming – found in 22 percent of analyzed incidents
For example - criminals tampering with a card payment device to install a “skimmer” that automatically captures a customer’s card data, usually ATMs that are targeted.
Put simply, improving defenses against these three areas could help financial organizations substantially lower risk. It seems simple, and it is - by looking at each attack pattern in detail, organizations can tailor their security strategies to target these specific areas.
Unsure how to implement this knowledge? Watch out for my next article which will delve deeper into the attack patterns and provide recommendations as to what you can do to limit their impact on your organization.
When all things are considered, dealing with security incidents may seem like the smallest of concerns when the very existence of financial institutions has been on the line. Yet a successful attack on a financial institution could leave irreparable damage - quantifiable in tangible items such as stolen or misappropriated resources, but also in the more intangible yet hugely significant aspect of brand image and reputation. Can you afford not to be prepared?
For more information on Verizon’s security leadership, click here.
If you have any non-media related inquiries our experts are available to help you discuss your organization’s security needs. To speak with a security expert at Verizon, contact SecuritySolutionsContact@verizon.com.