Weakest Security Link = People?

Sep 18, 2007 2:34 PM

People remain the weakest security link for financial companies, according to consultancy firm Deloitte.

The compromising of customers' systems continues to be the major cause of security breaches in financial institutions, according to the 2007 Global Financial Services Security Survey.

Business partners and third parties also represent a cause of computer security breaches, one example given being the loss of up to 48 million credit and debit card details from a well-known discount retailer.

Deloitte called for the financial services sector to provide a concerted effort to educate customers, employees, third parties and business partners of IT risk.

"Until there is a concerted effort to provide tailored security knowledge and awareness programms to all of the people who comprise an organization's risk categories, organizations will continue to be at the mercy of the growing threat profile," the report says.

Although errors and omissions by employees were identified as major factors contributing to ongoing security failures, almost a quarter (22 percent) of respondents provided no employee security training over the past year and only around one third of respondents (30 percent) say their staff is well skilled, with adequate competencies to respond to security needs.

Mike Maddison, Deloitte UK head of security and privacy services, says in a statement: "You can have the best technical systems in place but they are unlikely to operate effectively unless you educate people on their obligations and how to fulfill them."

The survey found that although information security issues are gaining board recognition, with 82 percent of global financial institutions saying security has become a "critical area of business," only 10 percent of them said their information security strategy was "led and embraced by line and functional leaders."

Deloitte called it an "emerging security paradox" that security incidents continue to "grab business executives' attention, but 'ownership' of the underlying problems is still perceived to rest with IT departments." The company also said it was "surprising" that less than two thirds (63 percent) of the banks that responded to the survey have an information security strategy in place.

Maddison says, "The contradictory findings in this year's survey highlight the ongoing security challenge financial institutions are facing. On the one hand, it is clear that senior executives know there are actions they must take to improve security to protect their customers' data for very good business reasons. On the other hand, when it comes to taking action, it once again becomes a technical problem. Despite these challenges, knowing that the problem exists is at least half the battle, so financial institutions are definitely moving in the right direction."

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue