Digital attacks prove costly for Indian BFSI firms

CIOL Bureau

NEW DELHI, INDIA: Regulatory and governance mandates are key drivers of IT security for 50 per cent of financial services enterprises, according to a study by Symantec Corp.

The survey, Symantec Security Check: Indian Financial Services Industry 2011 (Banking, Financial Services and Insurance industries), identifies increasing e-commerce and mobile transactions by enterprises as another reason for increased adoption of security.

Survey Highlights

Digital attacks prove costly: During the last financial year, 23 per cent of respondents experienced an external attack, ranging from phishing attempts and theft of proprietary information to denial-of-service attacks. Respondents faced external theft of confidential information an average of 1.5 times and internal theft of information an average of 5.8 times.

Financial services enterprises face significant financial losses due to security breaches, with the average loss being Rs 6.86 crore (Rs 68.6 million). This figure was nearly double for Indian banks, at Rs 12.6 crore (Rs 126 million).

Sixty-seven per cent of respondents that experienced a data breach lost man hours, and 61 per cent stated that they had lost customers as a result. More than 80 per cent of respondents have faced downtime due to online attacks, and took an average of four hours to resume normal operations.

Compliance and governance driving IT security adoption: Fifty per cent of respondents from financial services enterprises in India cited compliance as the primary driver for adopting IT security. In fact, one in four respondents that experienced a digital attack faced monetary penalization.

Over the last year, the RBI has mandated two-factor authentication at banks for all delivery channels. In the past 12 months, 31 per cent of respondent banks invested in identity management, and they stated that investment in technologies to address such regulations is likely to continue.

According to the survey, technology investments during the next financial year will be made towards stronger governance, business continuity planning, securing mobile and wireless transactions, data loss prevention and network security.

Mobility and consumerization of IT pose security risks: The risk of exposing confidential information is increasing as customers explore new channels for financial transactions through e-commerce and mobile banking.

Besides increased mobile and online transactions (18 per cent), growing internal threats (15 per cent) are also significant factors driving security adoption. The survey revealed that eight out of ten employees at respondent organizations use endpoints, and that currently 81 per cent of smart phone users in these organizations access corporate information, and 57 per cent use instant messaging.

“CIOs at financial services enterprises in India are concerned about the security of their information and related losses, leading to crucial attention towards IT governance,” said Ajay Goel, managing director, India and SAARC, Symantec. “RBI guidelines, the impending Basel III compliance and the IT (Amendment) Act 2008 regulations are compelling the financial sector to take a close look at how they secure and manage their information.”

Threats targeting financial information

1. W32.Sality.AE, one of today’s most prevalent threats, spreads by infecting executable files and attempts to download potentially malicious files from the Internet. The operators of this botnet are capable of stealing banking information.

2. Trojan.Tatanarg is a Trojan horse that attempts to steal information from the compromised computer. It specifically targets Internet banking accounts.

3. Infostealer.Bancos variants are malicious software programs responsible for stealing confidential financial information, collecting email addresses, and deleting predetermined files from compromised machines.

4. Zbot, also known as Zeus, is a malware package that allows the most novice hackers to easily steal online banking credentials and other online credentials for financial gain.

Recommendations

1. Financial services organizations need to develop and enforce IT policies and automate their compliance processes. By prioritizing risks and defining policies that span across all locations, businesses can enforce policies through built-in automation and workflow to protect information, identify threats, and remediate incidents as they occur or anticipate them before they happen.

2. Businesses need to protect information proactively by taking an information-centric approach to protect both information and interactions. Taking a content-aware approach to protecting information is key in identifying and classifying confidential, sensitive information, knowing where it resides, who has access to it, and how it is coming in or leaving an organization. Proactively encrypting endpoints will also help organizations minimize the consequences associated with lost devices.

3. To help control access, IT administrators need to validate the identities of users, sites and devices throughout their organizations. Furthermore, they need to provide trusted connections and authenticate transactions where appropriate.

4. Organizations need to manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.

5. Finally, organizations need to protect their infrastructure by securing all of their endpoints, including the growing number of mobile devices, along with messaging and Web environments. Defending critical internal servers and implementing the ability to back up and recover data should be priorities. In addition, organizations need visibility, security intelligence and ongoing malware assessments of their environments to respond to threats rapidly.