Welcome!

News Feed Item

Financial Accounts and Endpoints Most at Risk: SANS Survey on Financial Services Security Programs

Results released in two-part complimentary webcast series on March 26 and March 27 at 1 PM EDT

BETHESDA, Md., March 20, 2014 /PRNewswire-USNewswire/ -- Many types of organizations (not just financial) indicated that they are in the business of processing and storing financial information and are subject to compliance with multiple regulations, according to the recently conducted SANS Survey on Financial Service Security completed by 293 IT security professionals.

In the two-part webcast, we will share what types of attacks industry participants are suffering from and how well prepared they believe they are to fend off attacks.

In the survey, 32% of respondents say their organizations spend more than 25% of their security budget on meeting or providing compliance mandates. Yet, only 16% felt very prepared to fend off attacks against financial accounts.

"This survey confirms that most attacks start from within, either through abuse, misuse or by employees falling victim to spearphishing emails," says senior SANS analyst and instructor, G. Mark Hardy, who authored the report. "However, quantifying losses is difficult, with nearly half of the survey participants unable to do so."

Of those that were able to quantify attacks on their organization, 44% suffered direct loss against impacted financial accounts and an additional 36% said they had experienced direct losses due to denial of service interrupting their business.

Survey respondents reported the most losses resulting from the following types of attacks:

  • Abuse or misuse by internal employees or contractors (43%)
  • Spearphishing emails (43%)
  • Malware or botnet infections (42%)

Survey results also reveal that there is room for improvement in security programs.

"Vulnerability scanning, continuous monitoring, advanced firewalls, IDS and IPS have the widest adoption among respondents," explains Hardy, "While real-time threat intelligence and in-house security analytics have significant opportunity for increased market penetration."  

The good news is that 49% of respondents plan to invest more heavily in security in the next 24 months.

"Security spending is up, but so are regulatory reporting requirements," says Hardy.

"Unfortunately, compliance can siphon off scarce funds that could otherwise be used to reduce further losses."

Results will be released in a two-part webcast series featuring G. Mark Hardy and John Pescatore:

SANS Financial Services Security Survey Part I: Risks and Preparedness, Wednesday March 26 at 1 PM EDT  www.sans.org/info/155260

SANS Financial Services Security Part II: Drivers and Wish Lists, Thursday, March 27 at 1 PM EDT  www.sans.org/info/155265

Tweet This:

Customer account breaches and DoS top concerns in SANS survey! Attend webcast March 26 @SANSInstitute. http://bit.ly/Fin-SurvResults

Financial sector strengths and weaknesses revealed in SANS survey. Webcast March 27 @SANSInstitute. http://bit.ly/Fin-SurvResults

Peer education in Financial Services Risk Management in a SANS survey. Webcast March 27 @SANS Institute. http://bit.ly/Fin-SurvResults

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

SOURCE SANS Institute

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"Codigm is based on the cloud and we are here to explore marketing opportunities in America. Our mission is to make an ecosystem of the SW environment that anyone can understand, learn, teach, and develop the SW on the cloud," explained Sung Tae Ryu, CEO of Codigm, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, discussed how by using ne...
"CA has been doing a lot of things in the area of DevOps. Now we have a complete set of tool sets in order to enable customers to go all the way from planning to development to testing down to release into the operations," explained Aruna Ravichandran, Vice President of Global Marketing and Strategy at CA Technologies, in this SYS-CON.tv interview at DevOps Summit at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"There's plenty of bandwidth out there but it's never in the right place. So what Cedexis does is uses data to work out the best pathways to get data from the origin to the person who wants to get it," explained Simon Jones, Evangelist and Head of Marketing at Cedexis, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"Cloud Academy is an enterprise training platform for the cloud, specifically public clouds. We offer guided learning experiences on AWS, Azure, Google Cloud and all the surrounding methodologies and technologies that you need to know and your teams need to know in order to leverage the full benefits of the cloud," explained Alex Brower, VP of Marketing at Cloud Academy, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clar...
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
"Infoblox does DNS, DHCP and IP address management for not only enterprise networks but cloud networks as well. Customers are looking for a single platform that can extend not only in their private enterprise environment but private cloud, public cloud, tracking all the IP space and everything that is going on in that environment," explained Steve Salo, Principal Systems Engineer at Infoblox, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventio...
Data scientists must access high-performance computing resources across a wide-area network. To achieve cloud-based HPC visualization, researchers must transfer datasets and visualization results efficiently. HPC clusters now compute GPU-accelerated visualization in the cloud cluster. To efficiently display results remotely, a high-performance, low-latency protocol transfers the display from the cluster to a remote desktop. Further, tools to easily mount remote datasets and efficiently transfer...
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...