Save $200 on Cyber Security Training at SANS Miami 2018. Ends 12/27.

Press


From the Trenches: Current Status of Security and Risk in the Financial Sector

Ransomware and Spearphishing Top Attack Vectors; Preparedness a Concern; Accommodating Alternative Payment Systems

  • Bethesda, MD
  • October 6, 2016

The financial services industry is under a barrage of ransomware and spearphishing attacks, according to a new survey gauging the state of risk and security in the financial sector. Results will be released by the SANS Institute in a two-part webcast on Wednesday, October 19 and Thursday, October 20.

Ransomware, identified by 55% of respondents, has eclipsed spearphishing (50%) as the top attack vector for the first time. Such attacks have caused considerable damage, with 32% of survey respondents citing losses between $100,001 and $500,000 as a result of their breaches.

"Ransomware has rocketed to No. 1 on the charts of attacks against financial institutions in 2016, followed by phishing," says SANS Analyst and author of the survey report, G. Mark Hardy. "Such attacks are resulting in significant losses."

Both of these attack vectors prey on the vulnerabilities associated with users, who often click on links unwittingly that unleash vicious attacks on their organization's assets.

For that reason, organizations are focusing on time-tested controls such as email monitoring and security awareness training to reduce the potential for employee actions that unleash malware on their devices. They are also employing perimeter defenses, endpoint protections and log management techniques to identify, stop and remediate threats.

"Although some respondents told us they were experiencing fewer significant events, it is unclear whether they are prepared to defend against such occurrences," says Hardy. "Just over half of our survey sample felt prepared or very prepared to fend off attacks, and that will only be tested further as new alternative payment systems come online."

Although only 29% of respondents' organizations are using alternative payment systems today, many companies will be adding them in the near future, driven by customer demand, the need for a competitive advantage and potential cost reductions.

After careful analysis of the current status of cyber security in the financial sector, Hardy concludes, "Increasing user awareness, information and intelligence sharing, as well as improving overall risk posture, will be key issues that IT security teams must face sooner rather than later."

Full results will be shared during a two-part webcast at 1 PM EDT on both Wednesday, October 19 and Thursday, October 20, sponsored by Arbor Networks, ForeScout, Guidance Software, NSFOCUS, and WhiteHat Security, and hosted by SANS. Register to attend the webcasts at www.sans.org/webcasts/102352 (October 19) and www.sans.org/webcasts/102357 (October 20).

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and cyber security expert, G. Mark Hardy.


Tweet This

"From the Trenches" SANS 2016 Survey on Security and Risk in the Financial Sector | Oct 19 & 20 | Register: www.sans.org/u/lAb

"Ransomware has rocketed to No. 1 on the charts of attacks against financial institutions in 2016" |Oct 19 & 20| www.sans.org/u/lAb

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)