Are banks overconfident when it comes to spotting breaches?

Given the huge increase in the number of cyber attacks and data breaches reported in the last few years, it would be fair to assume that financial institutions (FIs) are making security a top priority.


After all, these businesses hold some of the most valuable information criminals are after and, as their databases grow, they represent an extremely tantalizing target for hackers.


Indeed, figures from the Identity Theft Resource Center's 2015 Breach List report show that breaches within the banking, credit and financial sectors nearly doubled between 2014 and 2015. Despite this, most professionals within the industry remain confident that even if they are attacked, they will be able to respond quickly and minimize any damage. But is this really the case?


A problem of overconfidence


A recent study conducted by security provider Tripwire suggested that the optimism many financial services professionals express about their defences may be overstated. It revealed that the majority of these individuals are confident in their ability to spot a breach, with around four out of five respondents saying they expect to be able to spot intrusions within minutes or hours.


However, when pressed on specific response times, many financial services IT pros admitted they do not know how long it would take for their tools to identify key indicators of an attack.


For instance, 60 percent of financial respondents either did not know or only had a general idea of how long it would take to isolate or remove an unauthorized device from their organizations' networks. A similar number (59 percent) admitted to being in the dark about how long it would take to spot configuration changes to their network.


These can be key warning signs that a network has been breached, and the longer it takes to spot such suspicious activity, the more damage can be done. If enterprises wrongly believe that they will be alerted within minutes, the result can be a dangerous complacency in which potentially serious breaches go unnoticed.


Moving beyond compliance


One of the main reasons for this gap between expectations and reality is that many IT pros still retain a very compliance-focused attitude towards their security. As one of the economy's most heavily regulated sectors, FIs face a variety of regulations that set out what is expected of them when it comes to defending their systems.


However, the problem is that many IT pros treat these as a box-ticking exercise and end up doing the bare minimum required of them to meet these standards.


Tim Erlin, director of IT security and risk strategy for Tripwire, noted: "Compliance and security are not the same thing. Addressing compliance alone may keep the auditor at bay, but it can also leave gaps that can allow criminals to gain a foothold in an organization."


Closing the gap


In order to improve their security performance and close these vulnerabilities, financial services firms must break free from this compliance-based mindset and implement more advanced solutions that go beyond minimum requirements.


While it may be difficult to get senior personnel on board with the idea of such investments, the cost of not doing so could be enormous. A major data breach can be hugely damaging to a financial institution both reputationally and financially, so taking the right steps now can ensure firms have the best possible protections in place, and make certain that the confidence businesses have in their systems is not misplaced.