Bank IT security attacks rise as spending stalls


25 May 2004

Many global financial institutions have had their IT systems attacked within the last year and many of these security breaches resulted in financial loss, a new survey has revealed.

According to findings published in Deloitte’s 2004 Security Survey, 83pc of respondents acknowledged that their systems had been compromised in the past year, a huge increase on 2002, which registered only 39pc of incidents. Of those attacked in 2003, 40pc stated that the breaches had resulted in financial loss to their organisation.

Most respondents admitted that their systems had in some way been compromised in the past year. Intrusions originating from outside the company were more common than those from within, although the majority of survey respondents said they had experienced both kinds of attack.

Even with security attacks on such a growth curve, one quarter of those polled reported flat security budget growth.

The report also identified a falloff in the use of security technologies. Although more than 70pc of respondents said viruses and worms would be the greatest threat to their systems over the next 12 months, only 87pc of respondents had fully deployed anti-virus measures, compared with 96pc that had done so in 2003.

The survey outlined the kinds of security measures respondents have implemented or maintained in the last 12 months: security policy (84pc); business continuity planning (75pc); security training and awareness (77pc); system security tools (75pc); business continuity plan testing (70pc).

Just over a quarter (26pc) of respondents said they felt that their strategic and security technology initiatives were well aligned. One third (32pc) felt that security technologies acquired by their firms were not being used effectively.

Identity management and vulnerability management are the two most common technologies that financial services are piloting or intend to deploy over the coming 18 months. In addition, 45pc of organisations have scanned their networks to identify rogue wireless networks, compared to 41pc last year. 59pc have instituted security policies that relate to wireless usage within the organisation.

Another future trend to watch for is the outsourcing of security as businesses focus on their core competencies and choose third-party providers to take care of IT protection. To date, concerns around consumer privacy have prevented financial institutions from outsourcing critical security functions, but the number and sophistication of security threats are increasing. Added to that, smaller financial institutions are finding it difficult to hire and retain trained security staff, which, according to Deloitte, should drive moves to outsourcing non-strategic security functions.

By Gordon Smith