How much confidence do financial organizations place in security controls?
Posted on 06 June 2014.
The confidence financial organizations place in their security controls is only marginally better than the confidence retailers place in their controls, according to Tripwire.


Key findings from the survey of 102 financial services organizations and 151 retail organizations in the UK include:
  • 65 percent of both financial and retail organizations would need between one and three days to detect a data breach on critical systems.
  • 49 percent of financial respondents said that the Payment Card Industry (PCI) data security standard is the backbone of their security programs, compared with just 39 percent of retail respondents.
  • 44 percent of financial respondents are unsure if their security controls would prevent the loss of customer data in the event of a data breach, compared to 38 percent of the retail respondents.
“The survey responses indicate that a surprising number of organizations are building their security programs based primarily on PCI,” said Dwayne Melancon, chief technology officer for Tripwire. “My concern is that PCI is a very prescriptive, checklist-oriented approach that is less effective if it is not coupled with a holistic risk-based security program. If these organizations stop at mere PCI compliance, they may be lured into a false sense of security.”

Melancon continued: “The majority of the organizations who responded said they could detect a breach of critical systems within one to three days. This is inconsistent with historical data that says most breaches go undiscovered for weeks, months or even longer. This survey data suggests that most organizations have a rose-colored view of their own capabilities when it comes to breach detection and response.”

Other findings reveal:
  • 45 percent of respondents from financial services firms said that recent breaches have not changed the level of attention executives give to security, compared to 37 percent of retail respondents.
  • Only 18 percent of financial respondents said their organization had already suffered a data breach that compromised customer data, compared to 28 percent of the retail respondents.
“It is not surprising that the financial services industry has more nascent attention and fewer detected breaches because it’s more regulated,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “In many cases, regulations and their enforcement drive not only security but general situational awareness that contributes to more effective risk mitigation.”





COPYRIGHT 1998-2014 BY HELP NET SECURITY.