Your Risk Management Magazine
Internal IT threats growing for financials

Internal information security threats are outstripping external attacks at the world’s biggest financial institutions, according to a recent global study.

Deloitte’s global security survey found that 35 per cent of surveyed institutions had experienced an attack from within their organisations, compared with 14 per cent in 2004.

Deloitte reported that an increasing deployment of anti-virus solutions, virtual private networks and content filtering and monitoring had driven a shift from tactics that exploit technical loopholes to those that focus on human behaviours.

“Financial institutions have made great progress in deploying technological solutions to protect themselves from direct external attacks; however, the rise and increased sophistication of attacks by criminal elements that target customers and internal attacks indicate that there is a new threat that has to be addressed,” said Kevin Shaw, Asia Pacific leader of security services at Deloitte.

While globally there are significant issues regarding security training and awareness, Australian firms were found to be ahead of the game in this regard. Training and awareness were at the bottom of the security priorities list globally, despite the survey finding that in close to 50 per cent of cases, security and awareness measurements implemented in the past 12 months declined from 77 per cent in 2004 to 65 per cent this year.

Failing to match software and technical deployments with training and education programs could lead to security strategies being less effective.

“With threats such as identity theft, phishing and pharming on the rise, organisations should be implementing identity management solutions encompassing access, vulnerability, patch and security event management,” Shaw said.

“These solutions should be augmented by security training and awareness if organisations are to minimise the number of human behavioural threats.”

In Australia, however, the survey found that senior management was well informed with regard to information security threats and performance goals. Metrics were also in place to measure program effectiveness.

“Australia is well in front in having information security strategy led and embraced by line and functional business leaders,” Shaw said.

However, the picture is not so rosy elsewhere. While 86 per cent of respondents with a chief information security officer (CISO) – 46 per cent of the total – said the CISO reported directly to the board or C-suite, just one-third felt security had been recognised as a critical area of business.

The most common reasons for security project failures cited by respondents were unrealistic timelines and budgets (56 per cent), integration problems due to poor front-end design and architecture (48 per cent) and a lack of buy-in from business owners (34 per cent).


© 2012 Key Media Pty Ltd.