Credit unions and banks are under a considerable amount of pressure to ramp up security with increased mobile banking adoption, a trend that is increasingly threatening the security of IT infrastructures.
That is one disturbing finding from Woburn, Mass. based Kaspersky Lab’s “Financial Institutions Security Risks Survey.” To gain a better understanding of the current financial security landscape, Kaspersky Lab and B2B International surveyed 841 representatives from financial services businesses across 15 countries.
The study showed security investment is a high priority for financial institutions, regardless of the potential ROI. After suffering from attacks on their own infrastructure and customers, financial organizations are spending three times as much on IT security as comparably sized non-financial institutions.
Sixty-four percent of financial institutions admit that they will invest in improving their IT security regardless of the return-on-investment, in order to meet the growing demands of government regulators, top management and even their customers.
Despite financial institutions putting serious efforts and budgets into safeguarding their perimeters against known and unknown cyberthreats, protecting the range of IT infrastructure in existence, from traditional to specialized, ATMs and point-of-sale terminals, has proven difficult.
The immense and evolving threat landscape, along with the challenge of improving the customer security habits gives fraudsters more vulnerable touchpoints to exploit.
“Combatting the constantly changing threats targeting their own IT infrastructure and customer accounts is an everyday challenge for financial institutions,” Veniamin Levtsov, vice president, enterprise business at Kaspersky Lab said.
“To put an effective response in place – that protects all points of vulnerability – requires the financial services industry to have several key components: build a highly integrated anti-targeted attacks protection, embrace multi-channel anti-fraud security and get actionable intelligence on evolving threats.”
Five key survey findings:
- The study revealed 42% of financial institutions predict that within three years, mobile banking will be the main form of customer interaction for servicing accounts and that emerging risks related to mobile banking expose them to new cyberthreats.
- Customers played an important role in identifying 2016 security incidents with almost 25% of financial institutions reporting accountholders alerted them to 2016 incidents. Even so, there is a need for more cybersecurity education around safe online behavior. Nearly half of the financial institutions surveyed admitted customers frequently experienced phishing attempts, with 70% reporting financial fraud incidents as a result.
- Rising phishing and social engineering attacks on customers have caused credit unions and banks to reassess their security efforts in this area. Sixty-one percent of respondents see improving the security of apps and websites as one of their main security priorities, closely followed by the implementation of more complex log-in authentication and verification methods.
- Financial institutions report significantly fewer security events than companies of the same size in other industries with one exception, targeted attacks and malware. Still, 59% of financial firms have yet to embrace third-party threat intelligence to help thwart such incursions.
- Financial institutions show comparatively low levels of concern regarding the threat of financial loss due to attacks on ATMs, notwithstanding their high susceptibility to attacks of this nature. Only 19% percent are concerned with attacks on ATM and cash withdrawal machines, even with the growing rate of malware targeting these devices. In the 2016 threats review Kaspersky reported a 20% growth in ATM malware compared to 2015.
