The 2006 Global Security Survey of the financial services industry, conducted by Deloitte Touche Tohmatsu (DTT), has just been released. This survey of the world's 100 biggest financial services organizations reports a surge in digital attacks over the past year.

The world's largest financial institutions experienced a surge in the number of digital attacks over the past year, specifically from external sources. More than three-quarters (78%, up from 26% in 2005) of respondents confirmed a security breach from outside the organization, and almost half (49%, up from 35% in 2005) experienced at least one internal breach. Among the key points of this survey: the sophistication of attacks and the proliferation of vulnerabilities dominate attention. When asked to rate the intensity of perceived threats over the next twelve months, 53% of respondents chose phishing and pharming, while 51% chose viruses, spyware, Trojans and worms. While internal threats continue to rise over previous years, organizations appear to be more concerned with threats from the outside, since, in their minds, these bring a higher degree of publicity and potential damage to their reputations.

The study suggests that financially motivated, targeted attacks are increasing and that the criminal profile is shifting - from script kiddies and disorganized hackers to well-funded organized crime rings, whose around-the-clock, across-the-globe attacks are yielding a big financial payback. This trend clearly highlights that random acts of vandalism (such as the web page defacements experienced by 4% of respondents) have been replaced by purposeful, targeted acts of criminal activity (such as the successful phishing attacks experienced by 51% of respondents).
In the survey, identity theft is called the "Crime of the 21st Century". Together with account fraud, these are the two priorities that financial institutions will likely be focusing on this year.

To end this note, I am surprised by the classification of external breaches experienced by the companies, as quoted on page 26:

  • Viruses/worms: 63%
  • Phishing/pharming: 51%
  • Spyware/malware: 48%

A bit of clarification of Deloitte's malware definition is needed in order to understand why viruses and worms (pages 26 and 27) and Trojan horses (page 29) are not classified in this category. By their definition, malware covers only malicious programs "deployed to extort some form of monetary gain", as explained in the press release document.

This interesting survey is available at:
http://www.deloitte.com/dtt/research/0,1015,sid=1000&cid=121102,00.html