Banks Confident about Cybersecurity, but Gaps Remain
Executives at banks and financial institutions across the globe are increasingly confident about their cybersecurity defenses, new research has shown.
The research, carried out by professional services firm Accenture, found that 78% of respondents are confident in their overall cybersecurity strategy. Around half of respondents cited high confidence in their organization’s ability to identify the cause of a breach, measure its impact and manage any associated financial risk.
However, it appears this confidence could be misplaced. Respondents reported on average 85 serious attempted cyber-breaches every year. Of those, 36% were successful, meaning at least some information was obtained by the hackers during the attack. On top of this, 59% of affected banks claimed it took ‘several months’ to detect the breach.
The study also suggests that 52% of banking executives doubt their organization’s ability to detect a breach through internal monitoring. Internal threats were also shown to be an issue for banks. Nearly half (48%) said internal breaches had a greater impact than external breaches.
“Banks have traditionally prioritized their cybersecurity investment around building higher, more secure walls. But this has often been to the detriment of their internal capabilities. While defending the perimeter is crucial, it’s often the people inside the walls that present the biggest risk, but also the biggest weapon in the fight for resiliency,” said Chris Thompson, senior managing director and head of financial services cybersecurity and resilience, Accenture Security.
Respondents also had fears about the digital skills shortage, and what that may mean for security at banks and financial institutions. The areas of biggest concern were endpoint and network security (61%), incident response (53%) and vulnerability management (53%).
“Bank executives are clearly confident when it comes to their cybersecurity capabilities, but there is still much work to be done,” said Thompson. “Most cybersecurity assessment programs, while well-intentioned, are highly theoretical and based on known cyber-attack practices. The reality, however, is very different. Fast-moving, dynamic threats are creating new challenges every day. Banks should focus on deploying practical testing scenarios that focus inside the perimeter to ultimately make the crooks’ job as difficult as possible.”
Source: Information Security Magazine