Targeted Attacks: Persistent Threats
Experience of real incidents shows us that investments into security in the financial industry are well worth it in most cases – financial institutions report significantly fewer security events than companies of the same size in other industries – with the only exception of targeted attacks and malware. The detection of abnormal, potentially malicious activity, combining legitimate tools with fileless malware, requires a combination of advanced anti-targeted solutions and extended security intelligence. Still, 59% of financial firms are yet to embrace third-party threat intelligence.
Types of general security event experienced: Malware and targeted attacks are the only incidents that banking organizations experience more than their peers in other industries.
Sharing threat intelligence would help banks to identify new and emerging threats quickly, an important point for them to note, considering the low levels of concern banks have about some of their most vulnerable devices, such as ATMs. Sharing more third party intelligence, in this respect, could help banks prepare for threats that they may not otherwise expect.
ATM Protection: Low Level of Concern, High Vulnerability
Banks show comparatively low levels of concern about the threat of financial loss due to attacks on ATMs, despite being highly vulnerable to attacks of this nature. Only 19% of banks are concerned with attacks on ATM and cash withdrawal machines, despite the growing rate of malware targeting this part of a banks’ infrastructure (in the 2016 threats review we’ve reported a 20% growth in ATM malware compared to 2015).
“Combatting the constantly changing threats targeting their own IT infrastructure and customer accounts is an everyday challenge for financial institutions. To put an effective response in place – that protects all points of vulnerability – requires the financial services industry to have several key components: build a highly integrated anti-targeted attacks protection, embrace multi-channel anti-fraud security and get actionable intelligence on evolving threats,” comments Veniamin Levtsov, Vice President, Enterprise Business at Kaspersky Lab.
For more information about the research, please visit https://business.kaspersky.com/how-the-financial-industry-reacts-to-cyberthreats/6610.
Methodology
Kaspersky Lab together with B2B International has conducted a global study of 841 business representatives from financial services businesses in 15 countries which include Russia, Japan, China, India, Australia, Turkey, Germany, UK, France, Spain, Italy, Canada, Mexico, USA and Brazil.
