A few weeks ago, we had the chance to preview this year’s Faces of Fraud report, research conducted annually by the team at BankInfoSecurity to shed light on emerging trends and threats that keep even the most mature of financial institutions up at night.
In the 2013 survey, a few statistics stood out. In particular, phishing continues to be a top 3 form of fraud experienced by financial institutions, one which only 31% of respondents say they feel well prepared to detect and prevent. In addition, almost half of respondents noted that phishing attacks on employees have increased in the past year.
We provide our thoughts in the analysis section that goes along with the report.
But needless to say, as a financial institution, you have to accept that it’s a matter of when, not IF, you will be attacked, and you must leverage all the tools at your disposal to discourage attackers at every stage of the fraud lifecycle.
By taking a multi-layered approach, any vulnerability in one layer (bad user behavior, a malicious e-mail not caught by a filter, stolen credentials) is still caught by another layer.
We also had the opportunity today to sit on a panel with Gartner analyst Avivah Litan and Tom Field, ISMG’s editorial director, to talk about these findings. A few key takeaways from that panel, which we found very interesting, include:
- Customer awareness is minimal – even the best, most security-savvy customers do not know when a data breach has occurred.
- Improving awareness is only driving about a 1% reduction in fraud – clearly, spending on awareness doesn’t match where fraud is occurring and how it can be stopped.
- Account takeover remains a significant challenge, even with increased focus and spend.
- Behavioral monitoring has increased, and will continue to increase, as one of the areas demonstrating tangible benefits in reducing fraud.
We hope you will find this report as insightful as we did. To check out the full version, visit http://www.bankinfosecurity.com/handbooks.php?hb_id=49