The financial sector is particularly exposed to cyber threats, both due to the strong push towards digitization in the post-pandemic period, and due to the high flows of money and the huge amount of sensitive customer data managed. These are the results of the research “IT security: focus on the financial sector in Italy” conducted by Kaspersky. Evidence from relevant IT decision makers shows that nearly three-quarters (67%) of respondents rate the risk of cyber threats as “high,” with a peak of 76% among IT professionals. However, 81% believe the cybersecurity budget is sufficient for the next two years.
About eight out of ten respondents (84%) say the measures currently implemented are enough to protect your organization against cyber attacks. The level of agreement between executives (85%) and IT staff (87%) is significantly higher than that among cybersecurity managers (71%). 86% of respondents in companies in Italy with more than 1,000 employees believe that cybersecurity measures are already sufficient. In fact, 62% say they have the right internal expertise to fully protect the company, despite having perceived a situation of grave danger. In contrast, only 25% of smaller financial institutions report relying on the support of external cybersecurity providers, this rises to 33% among larger companies, which are more likely to use this service.
The risks for the financial sector
93% of IT decision makers said their business suffered one or more cyberattacks or cybersecurity issues during the pandemic. In fact, 60% of respondents revealed that the company they work for has faced ransomware and spyware attacks. Additionally, the data shows that phishing and malware attacks (58%) were especially prevalent. As part of the research conducted by Kaspersky, the repercussions in the event of a possible cyber attack were also investigated.
Massive financial losses for customers and the company (44%) or fraud, manipulation and misuse of services (40%) are the top two concerns for banking and financial companies in Italy regardless of their size. The financial impact of fines or regulatory litigation ranks third (32%), in fact more than half of respondents (57%) agree that the growing regulatory burden could increase the risk of non-compliance, with a percentage slightly higher among those working in the IT sector or in organizations under 1,000 employees (62% and 61%, respectively).
The biggest concern for financial institutions with more than 1,000 employees is registering significant economic losses to both customers and the company due to false transactions (47%); This percentage drops significantly (39%) among smaller companies (50-999), who also fear damage to their public image due to insufficient information security compliance.
Furthermore, also examining the statements that emerged from the qualitative survey: two executives of companies that have between 250 and 499 employees cite the possibility “that they could hit customers’ savings” and “steal customer master data” as their main concerns. Two of the security managers of a small company (50-249 employees) involved in the research fear instead of “being blackmailed” and a possible “image damage”. Finally, an executive of an organization with more than 10,000 employees expresses concerns about “data loss due to attacks or phishing, which also poses a regulatory risk”.
“Today, the value of cybersecurity is still not sufficiently recognized by IT decision makers in the financial sector. In fact, 81% believe that their IT security budget will be sufficient in the next two years; at the same time, nearly everyone reported that their organization experienced one or more cyberattacks or security issues during the pandemic. Implementing measures to ensure cyber defense, data protection and against espionage must be considered essential especially in the financial sector. Indeed, in the next few years, every investment in cybersecurity will bear fruit and will therefore be money well spent in the medium and long term”he has declared Cesare D’Angelo, General Manager Kaspersky Italia & Mediterranean.
Top 10 tips to protect yourself from cyber threats
To ensure the security of financial institutions against cyber threats, Kaspersky recommends:
- Restrict access to tools remote management from external IP addresses and ensure that remote interfaces are only accessible from a limited number of endpoints.
- Apply strict policies on passwords for all IT systems and use multi-factor authentication.
- Assign extended privileges only to those who need it to do their job.
- Back up regularly of relevant company data. This way, important data that has been encrypted and rendered unusable by a ransomware can be quickly restored.
- Organize regular training sessions targeting employees is essential for raising awareness of digital threats.
- Implement a flexible security strategy to detect and minimize the risk of targeted attacks and technologically advanced threats by identifying a broad range of compromise vectors.
- Secure your endpoints and embedded devices, such as ATMs and POS systems, as well as other technologies used in points of sale.
- Protect virtual and physical serversVDI deployments, storage systems, and even data channels in private clouds, as well as advanced workload security in public clouds with advanced technologies.
- Enable SOC teams to access information latest threats thanks to Threat Intelligence to stay up-to-date on cyber criminals’ tools, techniques and tactics. Meaningful threat intelligence, advanced machine learning technologies, and a unique pool of global experts help keep banks and financial service providers secure against unknown cyberattacks.
- simulation scenarios enable IT security teams to be in a simulated corporate environment, where they are exposed to a variety of unexpected cyber threats.