MANILA—Global cybersecurity firm Kaspersky Lab has revealed that financial institutions might incur significant costs due to cybercrime incidents.
A study conducted by Kaspersky Lab and B2B International disclosed that financial firms may face losses of up to nearly a million dollars on the average for every incident of cyberattacks that they may encounter.
This finding is part of its 2016 Financial Institutions Security Risks survey among finance professionals which highlighted the security challenges for banks and financial institutions worldwide and the financial costs of specific cyberattacks.
The most-costly types of incident for financial organizations are threats that exploit vulnerabilities in point-of-sale (POS) systems, in which an organization typically loses USD 2,086,000. Attacks on mobile devices are the second most costly (USD 1,641,000), followed by targeted attacks (USD 1,305,000).
Most financial firms have increased their investment on IT security as a result of the increasing threats of cyberattacks.
Insufficient internal expertise, top management directives and business expansion are some of the reasons these companies have hiked their spending on cybersecurity.
“Given the substantial monetary losses from cyberattacks, it is not surprising that financial organizations are looking to increase spending on security. We believe successful security strategies for financial organizations lie in a more balanced approach to allocating resources — not just spending on compliance, but also investing more in protection from advanced targeted attacks, paying more attention to personal security awareness and getting better insights on the industry-specific threats,” Veniamin Levtsov, Vice President, Enterprise Business at Kaspersky Lab, said in a statement.
Experts of Kaspersky Lab have recommended these security strategies that may be adopted by financial organizations: be alert of targeted attacks as these are likely to be conducted through third parties or contractors and can be utilized as an entry point for malware or phishing attempts; not underestimating less sophisticated threats; conducting regular penetration testing through implementation of sophisticated detection tools and penetration testing to detect system vulnerabilities and paying attention to threats from company insiders that can be exploited by cybercriminals or become ones.