CONTINUE TO SITE »
or wait 15 seconds

News

Study: Financial services IT pros overestimate breach detection powers

May 23, 2016

Tripwire, Inc., a provider of endpoint detection and response, security and compliance solutions, has announced the results of an extensive study commissioned from Dimensional Research. The study evaluates the confidence of IT professionals regarding the efficacy of seven key security controls that must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 134 participants from financial services. 

Data breaches within the banking, credit and financial sectors nearly doubled between 2014 and 2015, according to the Identity Theft Resource Center's 2015 Breach List report.

Nevertheless, the majority of IT professionals in financial services in the Tripwire study displayed high levels of confidence in their ability to detect a data breach — even though they were unsure how long it would take for their security tools to discover key indicators of compromise.

While 60 percent of financial respondents either did not know or only had a general idea of how long it would take to isolate or remove an unauthorized device from their organizations' networks, 87 percent believed they could perform this task within minutes or hours. 

Additional  findings include: 

  • 37 percent of respondents said that their automated tools were able to identify location, department and other critical details of network devices with unauthorized configuration changes;
  • 82 percent believe they could detect configuration changes to a network device on their organization's networks within minutes or hours. However, 59 percent acknowledged that they did not know exactly how long it would take to do this;
  • 92 percent believe vulnerability scanning systems would generate an alert within minutes or hours if an unauthorized device was discovered on their network. However, 77 percent say they automatically discover 80 percent or less of the devices on their networks;
  • 29 percent do not detect all attempts to access files or network-accessible file shares without the appropriate privileges; and
  • 40 percent said that less than 80 percent of patches are successfully fixed in a typical patch cycle.

"Compliance and security are not the same thing," said Tim Erlin, director of IT security and risk strategy for Tripwire. "While many of these best practices are mandated by compliance standards, they are often implemented in a 'check-the-box' fashion. Addressing compliance alone may keep the auditor at bay, but it can also leave gaps that can allow criminals to gain a foothold in an organization."

"The path to a mature security deployment is through visibility because you cannot protect what you cannot see," said Travis Smith, senior security research engineer for Tripwire. "Understanding what you have and how you can potentially be compromised allows security teams to focus on where attackers are likely to strike. The cost of being proactive is always less than the cost of being reactive."  

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Recent Posts
ParaScript intros verification solution for checks
Nymeo Federal Credit Union wins recognition as 1 of the best workplaces in Maryland
SEC accuses former ATM businessman Daryl Heller of funneling $185M from investors
Fifth Third named as top veteran friendly employer
DC AG sues Bitcoin ATM operator Athena Bitcoin for allegedly exploiting scam victims


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'