The global economic crisis hitting the financial services sector is also fuelling a growing information security risk, according to the latest Deloitte Global Security Survey released last week. Security attacks that exploit human error and breaches caused by distracted or disgruntled employees are likely to be the root cause of information security failures in coming months.
The majority (86%) of respondents to Deloitte’s sixth annual Global Security Survey confirmed that human error is the leading cause of information systems failure. This recognises that people are both an organisation’s greatest asset and its weakest link, and is particularly relevant in today’s economic climate, where job insecurity and increased stress levels may lead employees to behave in unusual ways.
While both internal and external security breaches at financial institutions worldwide have fallen over the past 12 months, employee misconduct is a growing concern for these organisations. More than a third (36%) of respondents expressed a greater level of concern about insiders’ misconduct, compared to only 13 per cent who were more concerned about external people’s misconduct. Furthermore, six in ten (58%) survey participants felt ‘not very’ or only ‘somewhat’ confident with their ability to protect their organisation from internal cyber-attacks.
The growing popularity of new social networks such as Facebook and MySpace, and the proliferation of mobile media such as USB keys, MP3 players and PDAs, all place an extra load on internal and external security. Interestingly, more than half of financial institutions surveyed now restrict the use of social networks and instant messaging (53% and 58% respectively), yet 90 per cent allow employees to use mobile devices, which can present hackers with potential opportunities to access identities and gain access to confidential information.
Phishing and pharming were cited by respondents as causing one of the highest levels of concern (46%) and ranked as one of the leading types of external breach experienced by respondents (22%).
Mike Maddison, Head of Deloitte’s Security & Privacy practice, said: “Financial institutions are facing a battle on two fronts in their efforts to protect consumers’ financial assets and data. On one side is the growing sophistication of hackers that exploit new technologies such as social network platforms, on the other side is the challenging economic environment and potential redundancies that have created a distracted workforce and a growing number of disgruntled former employees. In this economic climate it is vital that firms become extra vigilant in protecting their data, and implementing checks and measures to reduce the potential impact of human error.
“Financial institutions also have to deal with the challenges around protecting their customers’ data and ensuring their privacy. Data protection and privacy has now claimed its spot amongst the top ranking security issues and is not going to go away.




