Welcome!

News Feed Item

Financial Accounts and Endpoints Most at Risk: SANS Survey on Financial Services Security Programs

Results released in two-part complimentary webcast series on March 26 and March 27 at 1 PM EDT

BETHESDA, Md., March 20, 2014 /PRNewswire-USNewswire/ -- Many types of organizations (not just financial) indicated that they are in the business of processing and storing financial information and are subject to compliance with multiple regulations, according to the recently conducted SANS Survey on Financial Service Security completed by 293 IT security professionals.

In the two-part webcast, we will share what types of attacks industry participants are suffering from and how well prepared they believe they are to fend off attacks.

In the survey, 32% of respondents say their organizations spend more than 25% of their security budget on meeting or providing compliance mandates. Yet, only 16% felt very prepared to fend off attacks against financial accounts.

"This survey confirms that most attacks start from within, either through abuse, misuse or by employees falling victim to spearphishing emails," says senior SANS analyst and instructor, G. Mark Hardy, who authored the report. "However, quantifying losses is difficult, with nearly half of the survey participants unable to do so."

Of those that were able to quantify attacks on their organization, 44% suffered direct loss against impacted financial accounts and an additional 36% said they had experienced direct losses due to denial of service interrupting their business.

Survey respondents reported the most losses resulting from the following types of attacks:

  • Abuse or misuse by internal employees or contractors (43%)
  • Spearphishing emails (43%)
  • Malware or botnet infections (42%)

Survey results also reveal that there is room for improvement in security programs.

"Vulnerability scanning, continuous monitoring, advanced firewalls, IDS and IPS have the widest adoption among respondents," explains Hardy, "While real-time threat intelligence and in-house security analytics have significant opportunity for increased market penetration."  

The good news is that 49% of respondents plan to invest more heavily in security in the next 24 months.

"Security spending is up, but so are regulatory reporting requirements," says Hardy.

"Unfortunately, compliance can siphon off scarce funds that could otherwise be used to reduce further losses."

Results will be released in a two-part webcast series featuring G. Mark Hardy and John Pescatore:

SANS Financial Services Security Survey Part I: Risks and Preparedness, Wednesday March 26 at 1 PM EDT  www.sans.org/info/155260

SANS Financial Services Security Part II: Drivers and Wish Lists, Thursday, March 27 at 1 PM EDT  www.sans.org/info/155265

Tweet This:

Customer account breaches and DoS top concerns in SANS survey! Attend webcast March 26 @SANSInstitute. http://bit.ly/Fin-SurvResults

Financial sector strengths and weaknesses revealed in SANS survey. Webcast March 27 @SANSInstitute. http://bit.ly/Fin-SurvResults

Peer education in Financial Services Risk Management in a SANS survey. Webcast March 27 @SANS Institute. http://bit.ly/Fin-SurvResults

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

SOURCE SANS Institute

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
Only Adobe gives everyone - from emerging artists to global brands - everything they need to design and deliver exceptional digital experiences. Adobe Systems Incorporated develops, markets, and supports computer software products and technologies. The Company's products allow users to express and use information across all print and electronic media. The Company's Digital Media segment provides tools and solutions that enable individuals, small and medium businesses and enterprises to cre...
Hackers took three days to identify and exploit a known vulnerability in Equifax’s web applications. I will share new data that reveals why three days (at most) is the new normal for DevSecOps teams to move new business /security requirements from design into production. This session aims to enlighten DevOps teams, security and development professionals by sharing results from the 4th annual State of the Software Supply Chain Report -- a blend of public and proprietary data with expert researc...
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are repetitive and dull. Utilizing automation can improve your work life, automating away the drudgery and embracing the passion for technology that got you started in the first place. In this presentation, I'll talk about what automation is, and how to approach implementing it in the context of IT Operations. Ned will discuss keys to success in the long term and include practical real-world examples. Ge...
ClaySys Technologies is one of the leading application platform products in the ‘No-code' or ‘Metadata Driven' software business application development space. The company was founded to create a modern technology platform that addressed the core pain points related to the traditional software application development architecture. The founding team of ClaySys Technologies come from a legacy of creating and developing line of business software applications for large enterprise clients around the ...
Organize your corporate travel faster, at lower cost. Hotailors is a next-gen AI-powered travel platform. What is Hotailors? Hotailors is a platform for organising business travels that grants access to the best real-time offers from 2.000.000+ hotels and 700+ airlines in the whole world. Thanks to our solution you can plan, book & expense business trips in less than 5 minutes. Accordingly to your travel policy, budget limits and cashless for your employees. With our reporting, int...
Crosscode Panoptics Automated Enterprise Architecture Software. Application Discovery and Dependency Mapping. Automatically generate a powerful enterprise-wide map of your organization's IT assets down to the code level. Enterprise Impact Assessment. Automatically analyze the impact, to every asset in the enterprise down to the code level. Automated IT Governance Software. Create rules and alerts based on code level insights, including security issues, to automate governance. Enterpr...
The benefits of automated cloud deployments for speed, reliability and security are undeniable. The cornerstone of this approach, immutable deployment, promotes the idea of continuously rolling safe, stable images instead of trying to keep up with managing a fixed pool of virtual or physical machines. In this talk, we'll explore the immutable infrastructure pattern and how to use continuous deployment and continuous integration (CI/CD) process to build and manage server images for any platfo...
DevOpsSUMMIT at CloudEXPO, to be held June 25-26, 2019 at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of computational needs for many industries. Their solutions provide benefits across many environments, such as datacenter deployment, HPC, workstations, storage networks and standalone server installations. ICC has been in business for over 23 years and their phenomenal range of clients include multinational corporations, universities, and small busines...
The current environment of Continuous Disruption requires companies to transform how they work and how they engineer their products. Transformations are notoriously hard to execute, yet many companies have succeeded. What can we learn from them? Can we produce a blueprint for a transformation? This presentation will cover several distinct approaches that companies take to achieve transformation. Each approach utilizes different levers and comes with its own advantages, tradeoffs, costs, risks, a...
This session describes how Professional Services organisations can deliver within Technology-as-a-Service (IaaS) constructs, in private and public enterprise cloud scenarios. See how professional services can be packaged and funded by IaaS cash flows, based upon consumption of technology services. Learn how significant, IT infrastructure transformations can be funded through OPEX spending models with multi-year As-a-Services based contracts. Understand how the automation of repeatable services c...
This sixteen (16) hour course provides an introduction to DevOps, the cultural and professional movement that stresses communication, collaboration, integration and automation in order to improve the flow of work between software developers and IT operations professionals. Improved workflows will result in an improved ability to design, develop, deploy and operate software and services faster.
Enterprises are universally struggling to understand where the new tools and methodologies of DevOps fit into their organizations, and are universally making the same mistakes. These mistakes are not unavoidable, and in fact, avoiding them gifts an organization with sustained competitive advantage, just like it did for Japanese Manufacturing Post WWII.
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomp...