Financial Services Firms Lack Adequate IT Security, Survey Finds
Tripwire found 29 percent of systems do not detect all attempts to access files or network-accessible file shares without the appropriate privileges.IT professionals in financial services firms are overconfident in their breach detection capabilities, according to a study conducted for Tripwire by Dimensional Research. The study respondents included 763 IT professional from various industries, including 134 participants from financial services. It evaluated the confidence of IT professionals regarding the efficacy of seven key security controls necessary to quickly detect a cyber-attack in progress. "While financial services organizations perform well on many of the fundamental security controls, there are still significant gaps in visibility within these organizations," Tim Erlin, director of IT security and risk strategy for Tripwire, told eWEEK. "The most concerning findings are the areas where these basic, best practices are missing; where patches aren’t applied; or new devices aren’t detected. There’s high confidence among respondents, but clear gaps in deployment." A low 37 percent of respondents said their automated tools were able to identify locations, department and other critical details of network devices that had unauthorized configuration changes.
The survey also found 82 percent of respondents believe they could detect configuration changes to a network device on their organizations’ networks within minutes or hours; however, 59 percent acknowledged they did not know exactly how long it would take to do this.