By Maria Bruno-Britz
When asked in an interview what she saw as some of the most significant trends in security in the financial services space, Gartner's Avivah Litan, VP, distinguished analyst, said that one of the most visible is that fraudsters such as phishers "are moving downstream to smaller banks. The attacks just don't stop." An increasing body of evidence shows that if you're a small or midsize bank or credit union, or small or midsize business period, you are more likely to be in the sites of spammers and cyberfraudsters today than ever before.New evidence has shown that the criminal and junk email elements are starting to widen their horizons from just targeting large, well-known firms and are going after the smaller guys. The reason, say experts, is that smaller enterprises are perceived as having little in the way of security savvy. Whether this is true or not depends on the financial institution. Some of the smaller banks are actually quite nimble in how they operate and are forward-looking on the information security side, primarily because they lack the complexity of their larger counterparts. On the other hand, many do not have the resources-whether funding or manpower-to implement comprehensive information security programs and leave themselves open to attack from all quarters.
Security solutions provider Vasco Data Security just released results of a study in which it found that small and midsize enterprises (SME) were increasingly bearing the brunt of spam and malware attacks. In the period between January and December 2006, Vasco charted the Internet dangers that its aXs GUARD product neutralized at the e-premises of 400 SMEs (those with five to 250 users) by measuring the companies' Internet and e-mail traffic. Among the findings:
• In January 2006, 64 percent of e-mails sent to the investigated companies were identified as spam. • In December 2006, the spam amount rose to 85 percent of the total amount of e-mails. • There is an upward evolution of attempts to get into a company's Local Area Network (LAN) and send spam on behalf of the "host," from 15 percent in January to almost 40 percent in December. • The techniques used by spammers and fraudsters to get access to a company's network are becoming more complex. In January, approximately 6 percent of controlled e-mails were blocked via content scanning. In December, the amount of e-mails blocked due to their content grew to 26 percent. • In January 2006, 3 percent of unaccepted surfing requests were related to employees stepping into a phishing/malware-related trap. In December, 77 percent of all blocked surfing requests had to do with phishing/malware.
On a somewhat brighter note, Vasco found that the number of viruses has declined slightly, from 111 in January 2006 to 95 in December. However, don't get too excited. The company goes on to say that the threat will rise as the total amount of e-mail traffic among surveyed companies rises. According to Vasco, total e-mail traffic of the 400 surveyed companies grew from approximately 6 million in January, to almost 20 million in December 2006.
The bottom line, says Gartner's Litan, is that if a bank wants its security strategy to work-whether a large multinational or a community bank-support is needed from the top. Security has to be about more than the technology-processes and people play a large role in keeping financial data safe these days.