Most people would imagine that protecting payment data would be the top priority for any business that deals primarily in online financial transactions. But according to a Kaspersky Lab survey of more than 3,900 IT professionals worldwide, financial organisations (banks and service providers) and e-commerce providers (online retailers) don’t see the protection of financial information as more important than any other business, and in some cases, they believe it’s much less important than average.
IT Department Security Concerns: Financial Institutions Step Up, E-Commerce Falls Down
According to the survey, the e-commerce industry pays significantly less attention to guarding sensitive payment information and protecting systems from IT security breaches. This seems highly counter-intuitive from what might be expected of a company that exists solely to process online transactions, but the responses regarding almost all aspects of e-commerce security were notably lower than the average responses of traditional businesses.
For example, the survey asked each business about the top concerns of its IT department:
· The highest overall response was “protecting highly-sensitive data (including financial information) from targeted attacks,” an answer given by an average of 34 percent of businesses. The responses from the e-commerce segment were lower than this average, at 28 percent.
· The second-highest overall priority of the IT department was “preventing IT security breaches,” given by 29 percent of all businesses. Again, the responses from the e-commerce section were lower than average, at 22 percent.
· Another high-ranking concern for the IT department was “ensuring continuity of service for business-critical systems,” cited as a top concern by 23 percent of businesses overall. E-commerce again came in lower than the average at 19 percent, which is shocking since an online retailer’s entire revenue stream could be cut off by a DDoS attack.
It should be noted that the e-commerce segment wasn’t just “lower than average” for these questions. Responses from this industry were the lowest of all business segments. So if the IT departments of e-commerce businesses aren’t focused on preventing targeted attacks, data breaches, or network outages, then what are they focused on? “Client management” was the one response that e-commerce businesses ranked far higher than any other business (34 percent, compared to an average of 17 percent).
But Kaspersky Lab’s survey found that while the IT departments of e-commerce businesses didn’t have security top-of-mind, financial institutions told a different story when responding to the same question.
· “Protecting highly-sensitive data (including financial information) from targeted attacks” was the top IT security concern overall, cited by 34 percent of businesses. Among financial institutions, 38 percent rated this as a top concern, the second-highest response rate of any segment.
· “Preventing IT security breaches,” rated as a top concern by 29 percent of all businesses, was cited by 30 percent of financial institutions, again the second-highest response rate for this task.
· “Ensuring continuity of service for business-critical systems,” cited as a top concern by 23 percent of businesses overall, was cited by 26 percent of financial institutions, again the second-highest response rate for this task.
Other Differences (And Occasional Similarities) in Attitudes
The differences in attitudes towards the security of financial information were evident in other questions as well. When asked “What type of data loss would be most potentially damaging,” financial institutions unsurprisingly gave “financial information” the second-highest rating of any business segment at 24 percent, while e-commerce gave this response only a seven percent response rate. When all the responses were added up, the survey found that 37 percent of financial institutions rated some sort of internal or customer financial data as the most damaging type of data they could possibly lose, the highest response rate of all business segments. Once again, e-commerce lagged behind at 21 percent, the second-lowest.
An interesting convergence of opinions occurred around responses less focused on financial information and more focused on customer information in general. Losing “customer/client information” was ranked as highly-damaging by 29 percent of financial institutions, and this time, e-commerce wasn’t as far behind at 21 percent. But by far, the biggest divergence on this question involved the importance of intellectual property. E-commerce businesses rated “intellectual property” and “market intelligence/competitive intelligence” as the two types of data they fear losing the most, and rated these higher than any other segment at 21 percent and 18 percent, respectively. In comparison, “intellectual property” was rated as data they “most feared” losing by only seven percent of financial services businesses, with “market intelligence/competitive intelligence” at nine percent.
When it comes to managing service outages caused by DDoS attacks, financial institutions and e-commerce have more in common than their attitudes may suggest. As noted previously, financial institutions rate DDoS attacks as a much higher source of concern than e-commerce businesses do. But according to Kaspersky Lab’s survey, e-commerce and financial institutions are two of the sectors most highly targeted by DDoS attacks – 44 percent of e-commerce businesses reported a DDoS attack in the previous 12 months, along with 39 percent of financial institutions. When it comes to suffering negative consequences from DDoS attacks, these two sectors have more in common than they think.
Comprehensive Protection for Specialised Industries
While businesses in the financial institution segment clearly show a firmer commitment to data security than their e-commerce counterparts, both segments can benefit from a renewed focus on service continuity planning. E-commerce businesses should take the opportunity to bolster their overall security posture as well.
The Kaspersky Fraud Prevention platform, introduced by Kaspersky Lab earlier in 2014, is designed specifically for banks, payment systems and e-commerce companies. It provides specialised monitoring and advanced protection on the business’ servers, together with coordinated security agents running on the desktops of the business’ customers; the two work together to secure each transaction and to protect financial data once it is stored.
To prevent service disruption caused by DDoS attacks, Kaspersky DDoS Protection is now being introduced in selected global markets. To learn more about Kaspersky Lab’s anti-DDoS technologies, please visit our solution homepage.
Kaspersky Endpoint Security for Business leverages the real-time data and analysis obtained by the company’s security experts, who designed this suite specifically to thwart targeted attacks and software exploits. To learn more about how Kaspersky Lab blocks previously-unknown “zero day” software exploits, phishing attacks, and sophisticated polymorphic malware, visit the company’s Internet Security Center for information about targeted attacks.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.