Insider attack now biggest threat to banks

Insider attacks have become the biggest threat to financial networks, according to a new study.

The 2005 Global Security Survey, published by Deloitte Touche Tohmatsu, found that 35 percent of senior security officers from the world's top 100 financial institutions confirmed they had encountered attacks to their organization's infrastructure from within. This figure is up from 14 percent last year. Attacks from outside were confirmed by 26 percent of respondents (up from 23 percent in 2004).

Phishing and pharming are two new additions to the top security threats financial institutions faced in the past year. Nearly half of respondents identified lack of employee awareness as one of their top challenges.

The survey found a greater use of security technologies with the increased use of anti-virus solutions (98 percent compared to 87 percent in 2004), virtual private networks (79 percent compared to 75 percent) and content filtering and monitoring (76 percent versus 60 percent in 2004).

While companies had been rolling out technology to counter external attacks, they have been lacking in training staff to deal with internal threats. Experts said the findings meant it was time for organizations to change tactics.

"Financial institutions have made great progress in deploying technological solutions to protect themselves from direct external threats, however the rise and increased sophistication of attacks that target customers, and internal attacks, indicate that there are new threats that have to be addressed," says Adel Melek, a partner at Deloitte Touche Tohmatsu. "Strong customer authentication, training and increased awareness can play a significant role in narrowing this gap."

An inside attack is thought to have been behind the attempted robbery at Sumitomo Mitsui bank in March.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.