The financial services industry is facing significant cybersecurity challenges, according to a recent survey conducted by Trend Micro Incorporated. The global leader in cybersecurity solutions found that two thirds (61%) of IT teams within the sector feel that the threats facing their organisation have increased within the last year, and as a result almost half (45%) are finding it hard to keep up.
Surveying more than 1,000 IT decision-makers responsible for cybersecurity in Europe, the research revealed that a third (33%) struggle to manage threats within their budget. Many are feeling the weight of this responsibility, with a third (35%) stating that these increased pressures have led to a decrease in their job satisfaction in the same period.
“Data protection has never been more important, but the financial services industry in particular is facing significant challenges as it adjusts to new regulations such as GDPR and PSD2” said Bharat Mistry, Principal Security Strategist, Trend Micro. “The sector is already a highly pressurised environment. When combined with highly sophisticated cyberattacks at increasing scale and volume, IT teams certainly have their work cut out.”
The Internal Loopholes Exploited by Hackers
One vulnerability that emerged as a significant threat to respondents was Business Process Compromise (BPC), where attackers look for loop-holes in business processes, vulnerable systems and susceptible practices. Once a weakness has been identified, a part of the process is altered to benefit the attacker, without the enterprise or its client detecting the change. Two thirds (66%) of respondents saw this type of vulnerability as a key threat to their organisations, with half (50%) agreeing that they could not afford ransom demands if data was stolen and held in this way.
Despite the majority of respondents agreeing that this type of attack would have a significant effect on their business, over half (51%) of IT leaders agree that there is a lack of awareness of what BPC is within their company’s management team. Security professionals have some progress to make: over two-fifths (41%) of respondents stated that they struggle to communicate potential impacts to their organisation’s leadership, with a third (34%) of organisations currently without cybersecurity representation at board level.
“Business Process Compromise is a long game for cybercriminals, but one that offers a greater reward. By lurking in a company’s infrastructure undetected, over time they acquire the insights needed to transfer large sums of money – as was the case with the Bangladeshi Bank heist.” Mistry continued.
“To combat these threats, financial services organisations must ensure that cybersecurity is represented at board level, so that security teams can effectively communicate the complex threat landscape across their organisation. The security mindset must run throughout each department in an organisation, from the board, to finance to HR. If it doesn’t, financial services organisations risk falling victim to cybercriminals’ increasingly sophisticated attacks, and non-compliance with challenging regulations such as PSD2 and GDPR”.
About Trend Micro
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 6,000 employees in over 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organizations to secure their journey to the cloud. For more information, visit www.trendmicro.com.http://cts.businesswire.com/ct/CT?id=bwnews&sty=20170201006240r1&sid=hq1sc1&distro=nx&lang=en
Research carried out by Opinium, commissioned by Trend Micro. Online survey among 1,022 IT decision-makers responsible for cybersecurity across the UK, Germany, Spain, Italy, Sweden, Finland, France, Netherlands, Poland, Belgium and Czech Republic.