Fraud & Security -

Banks and merchants are struggling to keep pace with Cyber threats

According to a new report released today from financial and technology analyst house, Aite Group – Cyberthreats: Multiplying Like Tribbles, “Cyber threats come in the form of malicious software code, hacking attacks, waves of denial-of-service attacks, and insidious corporate espionage. All are designed to provide financial or political benefit to criminals and are still multiplying at a phenomenal rate”.

Aite Group’s research report, which draws analogies between cyber threats and the rapidly multiplying furry little Tribbles of Star Trek lore, focuses on two of the most lucrative targets for the organizations behind the attacks: financial institutions and merchants. The research shows that threats are escalating more quickly than banks or businesses can deploy defences against them. With more than 150,000 unique new strains of malware deployed each day in Q1 2013, it’s very difficult for the good guys to keep pace.

A bar graph showing cyber attack incidents reported by federal agencies

Cyber attack incidents reported by federal agencies

The username/password combination as an authenticator is now officially broken, Aite Group finds. Myriad database breaches over the last year compromised tens of millions of usernames and passwords; combined with the fact that consumers reuse these passwords across the Internet, the sole relevant use for this combination is now that of a database look-up mechanism.

A pie chart showing Industries under cyberattack

Industries under cyberattack in 2012

The key challenge in defending against the onslaught of attacks is that there are so many different players and attack vectors. International organized crime rings are in search of financial gain; nation-states, individuals, and crime rings are engaged in espionage against governments and businesses; and hacktivists aim to get into the headlines. The dividing lines between the players and their causes are not now clear.

“Threats are escalating more quickly than banks or businesses can deploy their defences, so rather than bulletproof security, organizations should focus on ways to make the cost of breaching their security more expensive than the underlying data that could be obtained,” says Julie Conroy, research director in Retail Banking at Aite Group. “Merchants need to take steps to eliminate the sensitive data from their environments altogether through technologies such as tokenization or point-to-point encryption. As fast as the threats are moving, security needs to be built with the assumption that the endpoint is already compromised—or will be soon.”

The post Banks and merchants are struggling to keep pace with Cyber threats appeared first on Payments Cards & Mobile.