According to a Kaspersky Lab survey of IT professionals, 48 percent of e-commerce/online retail businesses and 41 percent of financial services organisations worldwide have reported losing some type of financial information to cybercriminal activities within the past year.
Kaspersky Lab’s survey also surprisingly found that the e-commerce/online retailer business segment is the least likely to deploy and update specialised anti-fraud measures to protect financial transactions and prevent stolen banking information.
FREE Download: CISO Data Breach Guide
Attitudes Toward Technology
The e-commerce/online retail and financial services business sectors both depend on their abilities to receive, process and store sensitive financial information from customers. Through a combination of targeted attacks, application vulnerabilities and other forms of cyberattacks, almost half of businesses in both sectors will lose some of this information over the course of a year. Such a loss will not only damage the reputations of these businesses, which are highly dependent on trust, but it will also trigger costly legal penalties, removal and clean-up procedures.
But while these two segments share these similarities, their attitudes towards security technology are markedly different.
Only 53 percent of the e-commerce/online retail segment indicated that they “make every effort to keep anti-fraud measures up to date,” which is ten percent lower than the overall global average, and the lowest overall of any business segment. Since the entire business model of online merchants is based on online and electronic payment processing, this reluctance to invest in anti-fraud measures seems highly counter-intuitive.
[wp_ad_camp_4]
The financial services segment takes a more positive and proactive approach towards securing their financial data. When asked if they “make every effort to keep anti-fraud measures up to date,” 64 percent of finacial services providers agreed, a response rate tied for highest across all segments. Additionally, 52 percent of the financial services segment reported a desire to implement new technologies to protect financial transactions, compared to 46 percent of the e-commerce/online retail segment.
Changes After a Breach
Kaspersky Lab’s survey asked businesses that experienced a serious data loss incident about steps taken afterwards to protect their customers. Despite their differing attitudes explained in the segment above, both the e-commerce/online retail and financial services sectors took similar steps to implement additional protections. The most common measure implemented was “providing secure connections for customer transactions,” which was done by 88 percent of financial services organisations and 78 percent of e-commerce/online retailers. Financial service providers are more focused on providing specialised solutions for mobile devices than e-commerce/online retailers (75 percent vs. 56 percent, respectively), which means mobile payment security for online merchants may be a future area of concern.
In general, the least-common step taken by both financial service providers and e-commerce/online retailers following a data breach was to provide free or discounted versions of premium internet security software to their customers. It would appear that both sectors are more willing to invest in securing their own systems rather than investing in securing their customers’ systems.
Lastly, despite the relatively high adoption rates of specialised fraud protection for endpoints following a data breach – 71 percent for financial services and 62 percent for e-commerce/online retailers – the flip-side of those numbers is noteworthy. These numbers show that approximately one-third of companies in both sectors are still not investing in financial security software, even after financial information is stolen from them in a data breach incident.
Recommendations
Security industry research shows that businesses specialising in collecting and processing customer payment information are being actively targeted by cybercriminals, and this Kaspersky Lab survey shows that these businesses are very likely to lose payment data through a data breach. Instead of reacting to the attack, Kaspersky Lab advises businesses to be proactive in securing their IT networks and to secure payment systems with specialised protection.
Kaspersky Endpoint Security for Business helps protect a business network from an onslaught of malware, phishing, and other cyberthreats. Financial institutions need advanced endpoint security across their entire network, including mobile devices, virtual machines, and PCs. Kaspersky Endpoint Security for Business can bring protection for all these endpoints to a single administrator console, giving IT managers superior visibility and policy control over the security of their network.
Kaspersky Fraud Prevention unites a number of technologies to monitor the “back-end” processing of banks for malicious activity; ensures the protection of customer endpoints, including their mobile devices; and provides an SDK for reinforcing the security of mobile banking applications. This fraud protection platform also uses Kaspersky Lab’s threat intelligence services to increase bank employees’ levels of cyberthreat knowledge and bolster the effectiveness of technologies used to protect financial data.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.