|By PR Newswire||
|March 20, 2014 12:45 PM EDT||
BETHESDA, Md., March 20, 2014 /PRNewswire-USNewswire/ -- Many types of organizations (not just financial) indicated that they are in the business of processing and storing financial information and are subject to compliance with multiple regulations, according to the recently conducted SANS Survey on Financial Service Security completed by 293 IT security professionals.
In the two-part webcast, we will share what types of attacks industry participants are suffering from and how well prepared they believe they are to fend off attacks.
In the survey, 32% of respondents say their organizations spend more than 25% of their security budget on meeting or providing compliance mandates. Yet, only 16% felt very prepared to fend off attacks against financial accounts.
"This survey confirms that most attacks start from within, either through abuse, misuse or by employees falling victim to spearphishing emails," says senior SANS analyst and instructor, G. Mark Hardy, who authored the report. "However, quantifying losses is difficult, with nearly half of the survey participants unable to do so."
Of those that were able to quantify attacks on their organization, 44% suffered direct loss against impacted financial accounts and an additional 36% said they had experienced direct losses due to denial of service interrupting their business.
Survey respondents reported the most losses resulting from the following types of attacks:
- Abuse or misuse by internal employees or contractors (43%)
- Spearphishing emails (43%)
- Malware or botnet infections (42%)
Survey results also reveal that there is room for improvement in security programs.
"Vulnerability scanning, continuous monitoring, advanced firewalls, IDS and IPS have the widest adoption among respondents," explains Hardy, "While real-time threat intelligence and in-house security analytics have significant opportunity for increased market penetration."
The good news is that 49% of respondents plan to invest more heavily in security in the next 24 months.
"Security spending is up, but so are regulatory reporting requirements," says Hardy.
"Unfortunately, compliance can siphon off scarce funds that could otherwise be used to reduce further losses."
Results will be released in a two-part webcast series featuring G. Mark Hardy and John Pescatore:
SANS Financial Services Security Survey Part I: Risks and Preparedness, Wednesday March 26 at 1 PM EDT www.sans.org/info/155260
SANS Financial Services Security Part II: Drivers and Wish Lists, Thursday, March 27 at 1 PM EDT www.sans.org/info/155265
Customer account breaches and DoS top concerns in SANS survey! Attend webcast March 26 @SANSInstitute. http://bit.ly/Fin-SurvResults
Financial sector strengths and weaknesses revealed in SANS survey. Webcast March 27 @SANSInstitute. http://bit.ly/Fin-SurvResults
Peer education in Financial Services Risk Management in a SANS survey. Webcast March 27 @SANS Institute. http://bit.ly/Fin-SurvResults
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)
SOURCE SANS Institute
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner, Product Manager of the Omega DevCloud with KORE Telematics Inc., discussed the evolving requirements for developers as IoT matures and conducte...
Aug. 2, 2015 11:15 AM EDT Reads: 340
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, analyzed a range of cloud offerings (IaaS, PaaS, SaaS) and discussed the benefits/challenges of migrating to each offe...
Aug. 2, 2015 11:00 AM EDT Reads: 146
One of the hottest areas in cloud right now is DRaaS and related offerings. In his session at 16th Cloud Expo, Dale Levesque, Disaster Recovery Product Manager with Windstream's Cloud and Data Center Marketing team, will discuss the benefits of the cloud model, which far outweigh the traditional approach, and how enterprises need to ensure that their needs are properly being met.
Aug. 2, 2015 09:00 AM EDT Reads: 1,695
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.
Aug. 2, 2015 08:15 AM EDT Reads: 167
In a recent research, analyst firm IDC found that the average cost of a critical application failure is $500,000 to $1 million per hour and the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year for Fortune 1000 companies. In addition to the findings on the cost of the downtime, the research also highlighted best practices for development, testing, application support, infrastructure, and operations teams.
Aug. 2, 2015 07:00 AM EDT Reads: 173
"We've just seen a huge influx of new partners coming into our ecosystem, and partners building unique offerings on top of our API set," explained Seth Bostock, Chief Executive Officer at IndependenceIT, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
Aug. 1, 2015 09:00 PM EDT Reads: 668
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Aug. 1, 2015 04:45 PM EDT Reads: 495
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
Aug. 1, 2015 03:00 PM EDT Reads: 525
With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications. In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, discussed h...
Aug. 1, 2015 02:45 PM EDT Reads: 465
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
Aug. 1, 2015 11:15 AM EDT Reads: 187
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
Aug. 1, 2015 10:30 AM EDT Reads: 219
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.
Aug. 1, 2015 10:00 AM EDT Reads: 328
Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...
Aug. 1, 2015 09:45 AM EDT Reads: 397
Puppet Labs has announced the next major update to its flagship product: Puppet Enterprise 2015.2. This release includes new features providing DevOps teams with clarity, simplicity and additional management capabilities, including an all-new user interface, an interactive graph for visualizing infrastructure code, a new unified agent and broader infrastructure support.
Aug. 1, 2015 09:45 AM EDT Reads: 195
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...
Aug. 1, 2015 08:00 AM EDT Reads: 320