Cybercriminals are increasingly focusing their attention on specific segments. The financial industry has emerged as one of the most attractive targets.
Although financial institutions have long been leaders in terms of security control adoption, any organization can have weak spots in its defenses, and attackers have been taking advantage of these.
Last year, one of the nation’s largest financial firms suffered a major data breach that exposed sensitive personal information for over 76 million households and 7 million businesses. The attackers leveraged known vulnerabilities in the firm’s web applications and other software to gain unauthorized access to this data and to elevate their privileges to administrator level on dozens of the company’s servers.
Security professionals at financial institutions are already aware that their data and applications are being targeted by attackers, but they may not be aware of the increasing volume and sophistication of these attacks. Symantec’s 2015 Internet Security Threat Report has some startling statistics. For example, in 2014, attackers released more than 300 million new variants of malware. Older security tools simply cannot detect these new attacks effectively.
It’s not surprising to hear that targeted attacks are on the rise, but many of these attacks are now targeting small and midsize organizations. No enterprise is safe from today’s threats, and losses continue to increase. According to the 2014 Cost of Data Breach Study by the Ponemon Institute, the average cost of a data breach is up to $3.5 million.
To counter today’s threats, financial institutions need to increase and accelerate their efforts to protect their data and systems. This can be tricky because in some financial operations, such as trading, milliseconds count. Each financial institution needs to find the balance of speed and security that meets its own unique requirements and environment.
Capital markets firms have more types of cybersecurity tools at their disposal today than ever before. Based on today’s threats and security tools, most capital markets firms will find the greatest benefit from focusing on four core security areas: web security, advanced persistent threat detection, security resource consolidation and virtual environment security.
To learn more about these four areas of security, download the white paper “Cybersecurity for Capital Markets.”