SAS Sponsors Study on Banks Defense Against Cyberthreats [Professional Services Close - Up]
(Professional Services Close - Up Via Acquire Media NewsEdge) SAS announced that evolving security threats, technology limitations and simple lack of awareness make cyberrisk a daunting hurdle for banks.
According to a release, a recent survey by Longitude Research, Cyberrisk in Banking, cites lost customer trust as the most significant impact from cyberattacks - nearly double that of monetary losses.
Sponsored by business analytics company SAS, a study surveyed 250 respondents from retail and commercial banking primarily based in the Western Hemisphere, including North America (40 percent), Europe (21 percent) and Latin America (20 percent). Although cybersecurity is a problem affecting multiple industries, financial institutions often lead the way by experiencing new threats and enhancing their cybersecurity defenses. Nevertheless, one in five of the executives polled for this study regards overall organizational preparedness for cybersecurity risks as "high." The weakest link reported within banks was a lack of dedicated internal resources - only 24 percent feel "highly prepared" for cyberthreats in this regard.
New communication channels for customer service offer convenience. Unfortunately, they also introduce new threats - phishing, botnets and mobile malware being rated among the most likely and most damaging, according to the survey.
Lack of senior executive awareness was common - more than half (54 percent) of survey respondents say financial losses aren't high enough from cyberattacks to warrant board-level attention. "This is partly because most organizations handle security as an extension of IT rather than viewing it as an operational risk," said Christopher Smith, Director of Cyber Strategies at SAS.
SAS said threats must be evaluated in the appropriate context and prioritized accordingly. For example, the report indicates financial losses are typically low for distributed denial of service (DDOS) attacks, which are politically motivated and primarily designed to block access to websites or online Web services to garner media attention. But it is short sighted to not also consider the loss of customer trust and the risk of tarnished reputation that result from such attacks.
The report recommends that banks need a holistic view of cyberthreats, treating them as operational, enterprise-wide risk.
Absence of information was also a recurring theme, evidence that the value of big data depends upon proper analysis for making better decisions. The report said, "this is particularly relevant for cybersecurity, as not all threats are equally severe and must be prioritized accordingly." Interviewees bemoaned a lack of key risk indicators, which would better position them to accurately evaluate threats alongside any organizational weaknesses.
Nearly one in three respondents rated limited customer awareness as a key challenge. Still, less than one in four banks believes internal resources are highly prepared - which is far easier to resolve than external customer attitudes.
One of the report's conclusions is that organizations need context-aware analytics to become proactive. By pairing big data assets and high-performing analytics, organizations can spot trends and pre-empt possible attackers. Analytics enables banks to create risk-based responses to potential incidents. This supports the report's realization that organizations must elevate cybersecurity from a technical problem to a broader, risk-based strategy.
"Context-aware security applications have access to more data about what is happening at the moment, and can respond with a wider range of behaviors that are tailored to current conditions," said Avivah Litan, co-author of the footnoted report and Distinguished Analyst at Gartner. "This capability is particularly helpful to enterprise security management because there is no such thing as 'absolute trust.' A decision to let a transaction proceed based on its perceived risk is not made under black-and-white conditions, but rather is best arrived at by gauging the probability of risk incurred by letting the transaction execute."
The Cyberrisk in Banking report underscores the need for banks to better manage, monitor and risk-rate the threats they face. To help organizations combat cyberattacks, SAS is expanding its portfolio of fraud and security intelligence solutions to further address cybercrime in 2014.
"Though cybersecurity is clearly a cross-industry issue, financial institutions are leading a trend toward convergence of fraud and cybercrime prevention technology and operations in support of a holistic approach to cybersecurity," said Stu Bradley, Director of Security Intelligence Solutions at SAS. "This strategy will require new capabilities, not least to fill gaps in the technology marketplace as part of solving the biggest data challenges to date, and in proactively using better analytics to make real-time, risk- based decisions."
Read Cyberrisk in Banking to learn the report's detailed findings.
((Comments on this story may be sent to firstname.lastname@example.org))
(c) 2013 ProQuest Information and Learning Company; All Rights Reserved.
[ Back To Technology News's Homepage ]