MetricStream report shows FIs’ approach to cybersecurity
From Wikipedia: In February 2016, instructions to steal $951 million from Bangladesh Bank, the central bank of Bangladesh, were issued via the SWIFT network.
Five transactions issued by hackers, worth $101 million and withdrawn from a Bangladesh Bank account at the Federal Reserve Bank of New York, succeeded, with $20 million traced to Sri Lanka (since recovered) and $81 million to the Philippines (about $18 million recovered).
The Federal Reserve Bank of NY blocked the remaining thirty transactions, amounting to $850 million, at the request of Bangladesh Bank.
Two-thirds of banks and other financial organizations saw at least one cybersecurity attack in the past 12 months. That’s according to MetricStream Research’s new report, “The State of Cybersecurity in the Financial Services Industry.” Based on a survey of C-level information security professionals at more than 60 banking, insurance, asset management, diversified financials, investment services, and foreign exchange services organizations, the report recounts a spate of recent cyberattacks, including the Bangladesh Bank heist and the Banco del Austro hack.
The two heists resounded around the world, propelling cybersecurity to the top of the corporate agenda and prompting boards and executive teams to question their cybersecurity measures.
Financial institutions have always been a lucrative target for cybercriminals, given the massive volumes of data and money that can be stolen.
Now, with the introduction of mobile banking, online banking, the cloud and other new technologies, cybercriminals have more potential routes to breach an institution’s cyber defenses.
These factors make it imperative for financial institutions to have robust threat detection and risk management mechanisms, as well as strategies to swiftly respond to and recover from a cyberattack, the report states.
Against this backdrop, the MetricStream Research report provides in-depth insights into the cybersecurity landscape of financial institutions:
- 48.5 percent of the surveyed organizations reported employees to be the primary conduit through which an attack was launched
- 91.2 percent of organizations have cybersecurity as a formal part of their Enterprise Risk Management (ERM) program
- 70.6 percent of organizations say their cybersecurity programs include using third-party companies that provide solutions
- Only 38.2 percent of organizations use an IT GRC solution as a cybersecurity program tool
“As the report demonstrates, an increasing number of financial institutions are falling prey to cyberattacks; in fact, many are not even aware that they’ve been attacked until it’s too late,” said French Caldwell, Chief Evangelist at MetricStream.
“The best defense for organizations is to implement a pervasive and mature cybersecurity program that is integrated with their enterprise risk management framework,” he says. “It is best to design it to be driven from the top and based on the latest industry security standards.”
Technology can aggregate risk and threat intelligence from across the enterprise and transform it into the insights that organizations need to secure their assets and protect their brand, Caldwell said.