News

Staff Are Biggest Threat to Finance Firms' Data

Insiders represent the greatest threat to the secure data of financial services firms, according to the latest Verizon Business Data Breach report

By Leo King, Computerworld UK

October 09, 2008 — CSO —

Insiders represent the greatest threat to the secure data of financial services firms, according to the latest Verizon Business Data Breach report.

This marks a strong contrast with companies in other sectors, such as high tech services, food and beverage, and retail, which saw business partners as posing the greatest risk to their data.

Deceit and misuse of data represented the main type of attack against finance firms, where complex attacks often took weeks to discover - although this was faster than in other industries.

In high tech services, many of the firms actually had problems keeping track of information systems, Verizon said. Insider misuse was hard to control where so many workers had high level system access.

Web applications and remote access connections at retailers were frequently targeted. Discovery of the attacks was slow, with retailers largely reliant on third parties.

Remote access connections were frequently targeted at food and beverage firms, where attackers attempted to gain access to payment card data. The attacks tended to rely on pre security con figurations, and took a long time to discover, Verizon said.

Dr Peter Tippett, VP research and intelligence at Verizon Business Security Solutions, said: "Understanding what happens when a data breach occurs is critical to proactive prevention." It was crucial not to forget the basics, from proper security planning to data monitoring, he said.

In July, Verizon found that nearly nine in ten data breaches could have been avoided by taking what it called "reasonable" security measures.