Research from information security company, Clearswift, has shown that links within emails are perceived as posing the biggest cyber threat to the financial services sector, with as much as half (50%) of business decision makers highlighting this as a chief concern for their business, far more than any other threat.
The research surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia. When asked what they see as the biggest threat to their organisation, business decision makers ranked phishing emails as the top threat in all four surveyed regions.
“Email security consistently rears its head as a key vulnerability in UK cyber defences. This highlights that businesses need to change the way they’re approaching the task of mitigating these risks”, said Dr Guy Bunker, SVP of Products at Clearswift.
“It is easy for a company to perform mock phishing exercises and physical penetration tests to assess vulnerabilities, however this underhanded approach to catch staff out may not always prove to be the best way forward. The approach should be twofold, focused on balancing education with a robust technological safety net. This will ultimately help ensure the business stays safe.”
A lax attitude by employees to sharing passwords was ranked second on the list, as a source of cyber weakness, with one-third (36%) of FS business leaders listing this as one of the biggest threats. Compromised personal devices were the next offenders, with 34% of respondents highlighting malware coming into the organisation on employee’s personal devices as a major threat. Worryingly, ahead of the GDPR deadline on May 25th, 31% felt that employees not following data protection policies could be one of the biggest threats to their organisation. What’s more non-compliance with regulations, was also a concern.
Failure by firms to cut off access to the network for ex-employees was next on the list with more than one in four (27%) considering this a major threat.
Despite some major hacks in 2017, hackers were only the fifth most selected threat, with 30% of financial services flagging this as a major threat.
Other threats to feature included the use of non-authorised tools/applications for work purposes (29%), including personal email drives and file sharing platforms. FS business leaders also saw stolen company devices as one of the biggest threats (26%), with these devices often containing critical information.
Dr Bunker added: “With the knowledge that most information breaches are inadvertent, technology can so often provide a clear solution. Like our content aware Adaptive DLP suite, the solution should focus on preventing the information from leaking out, but also provide feedback to the sender to inform them that they have violated policy. This way, a business can work towards a safer environment and a more security conscious workforce.”
Top Ten Cyber threats according to the financial services sector:
- Malicious links within emails – 50%
- Employees sharing usernames/passwords – 36%
- Viruses via malware on personal devices – 34%
- Users not following protocol/data protection policies – 31%
- Hackers – 30%
- Employees using non-authorised tools/applications for work purposes (personal email drives/File sharing) – 29%
- Ex-employees retaining access to network – 27%
- Critical information on stolen devices – 26%
- USBs/removable storage – 25%
- Non-compliance with regulations – 23%