Welcome!

News Feed Item

Financial Accounts and Endpoints Most at Risk: SANS Survey on Financial Services Security Programs

Results released in two-part complimentary webcast series on March 26 and March 27 at 1 PM EDT

BETHESDA, Md., March 20, 2014 /PRNewswire-USNewswire/ -- Many types of organizations (not just financial) indicated that they are in the business of processing and storing financial information and are subject to compliance with multiple regulations, according to the recently conducted SANS Survey on Financial Service Security completed by 293 IT security professionals.

In the two-part webcast, we will share what types of attacks industry participants are suffering from and how well prepared they believe they are to fend off attacks.

In the survey, 32% of respondents say their organizations spend more than 25% of their security budget on meeting or providing compliance mandates. Yet, only 16% felt very prepared to fend off attacks against financial accounts.

"This survey confirms that most attacks start from within, either through abuse, misuse or by employees falling victim to spearphishing emails," says senior SANS analyst and instructor, G. Mark Hardy, who authored the report. "However, quantifying losses is difficult, with nearly half of the survey participants unable to do so."

Of those that were able to quantify attacks on their organization, 44% suffered direct loss against impacted financial accounts and an additional 36% said they had experienced direct losses due to denial of service interrupting their business.

Survey respondents reported the most losses resulting from the following types of attacks:

  • Abuse or misuse by internal employees or contractors (43%)
  • Spearphishing emails (43%)
  • Malware or botnet infections (42%)

Survey results also reveal that there is room for improvement in security programs.

"Vulnerability scanning, continuous monitoring, advanced firewalls, IDS and IPS have the widest adoption among respondents," explains Hardy, "While real-time threat intelligence and in-house security analytics have significant opportunity for increased market penetration."  

The good news is that 49% of respondents plan to invest more heavily in security in the next 24 months.

"Security spending is up, but so are regulatory reporting requirements," says Hardy.

"Unfortunately, compliance can siphon off scarce funds that could otherwise be used to reduce further losses."

Results will be released in a two-part webcast series featuring G. Mark Hardy and John Pescatore:

SANS Financial Services Security Survey Part I: Risks and Preparedness, Wednesday March 26 at 1 PM EDT  www.sans.org/info/155260

SANS Financial Services Security Part II: Drivers and Wish Lists, Thursday, March 27 at 1 PM EDT  www.sans.org/info/155265

Tweet This:

Customer account breaches and DoS top concerns in SANS survey! Attend webcast March 26 @SANSInstitute. http://bit.ly/Fin-SurvResults

Financial sector strengths and weaknesses revealed in SANS survey. Webcast March 27 @SANSInstitute. http://bit.ly/Fin-SurvResults

Peer education in Financial Services Risk Management in a SANS survey. Webcast March 27 @SANS Institute. http://bit.ly/Fin-SurvResults

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

SOURCE SANS Institute

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at 20th Cloud Expo, Ed Featherston, director/senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Tintri VM-aware storage is the simplest for virtualized applications and cloud. Organizations including GE, Toyota, United Healthcare, NASA and 6 of the Fortune 15 have said "No to LUNs." With Tintri they manage only virtual machines, in a fraction of the footprint and at far lower cost than conventional storage. Tintri offers the choice of all-flash or hybrid-flash platform, converged or stand-alone structure and any hypervisor. Rather than obsess with storage, leaders focus on the business app...
Information technology (IT) advances are transforming the way we innovate in business, thereby disrupting the old guard and their predictable status-quo. It’s creating global market turbulence. Industries are converging, and new opportunities and threats are emerging, like never before. So, how are savvy chief information officers (CIOs) leading this transition? Back in 2015, the IBM Institute for Business Value conducted a market study that included the findings from over 1,800 CIO interviews ...
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Some people worry that OpenStack is more flash then substance; however, for many customers this could not be farther from the truth. No other technology equalizes the playing field between vendors while giving your internal teams better access than ever to infrastructure when they need it. In his session at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will talk through some real-world OpenStack deployments and look into the ways this can benefit customers of all sizes....
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infrastructure through automation. Ayehu solutions have been deployed by major enterprises worldwide, and currently, support thousands of IT processes across the globe. The company has offices in New York, California, and Isr...
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Zerto exhibited at SYS-CON's 18th International Cloud Expo®, which took place at the Javits Center in New York City, NY, in June 2016. Zerto is committed to keeping enterprise and cloud IT running 24/7 by providing innovative, simple, reliable and scalable business continuity software solutions. Through the Zerto Cloud Continuity Platform™, organizations can seamlessly move and protect virtualized workloads between public, private and hybrid clouds. The company’s flagship product, Zerto Virtual...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
Addteq is one of the top 10 Platinum Atlassian Experts who specialize in DevOps, custom and continuous integration, automation, plugin development, and consulting for midsize and global firms. Addteq firmly believes that automation is essential for successful software releases. Addteq centers its products and services around this fundamentally unique approach to delivering complete software release management solutions. With a combination of Addteq's services and our extensive list of partners,...