Most people would imagine that protecting payment data would be the top priority for any business that deals primarily in online financial transactions. But according to a Kaspersky Lab survey of more than 3,900 IT professionals worldwide, Financial Organizations (banks and service providers) and e-Commerce providers (online retailers) don’t see the protection of financial information as more important than any other business…and in some cases, they believe it’s much less important than average.
IT Department Security Concerns: Financial Institutions Step Up, E-Commerce Falls Down
According to the survey, e-Commerce as an overall industry segment pays significantly less attention to guarding sensitive payment information and protecting its systems from IT security breaches. This seems highly counter-intuitive given what might be expected of a company that exists solely to process online transactions, but the responses regarding almost all aspects of e-Commerce security were notably lower than the average responses of traditional businesses.
For example, the survey asked each business about the top concerns of the IT department…
• The highest overall response was “Protecting highly-sensitive data (including financial information) from targeted attacks,” an answer given by an average of 34% of businesses. The responses from the e-Commerce segment were lower than this average, at 28%.
• The second-highest overall priority of the IT department was “Preventing IT security breaches,” given by 29% of all businesses. Again, the responses from the e-Commerce segment were lower than average, at 22%.
• Another high-ranking concern for the IT department was “ensuring continuity of service for business-critical systems,” cited as a top concern by 23% of businesses overall. E-Commerce again came in lower than average at 19%, which is shocking since their entire revenue stream could be cut off by a DDoS attack.
It should be noted that the e-Commerce segment wasn’t just “lower than average” for these questions…the e-Commerce segment’s responses were the lowest of all business segments. So if the IT departments of e-Commerce businesses aren’t focused on preventing targeted attacks, data breaches, or network outages, then what are they focused on? “Client Management” was the one response that e-Commerce businesses ranked far higher than any other business (34%, compared to an average of 17%).
But Kaspersky Lab’s survey found that while the IT departments of e-Commerce businesses didn’t have security top-of-mind, Financial Institutions told a different story when responding to the same question….
• “Protecting highly-sensitive data (including financial information) from targeted attacks,” was the top IT security concern, cited by 34% of businesses. This was rated as a top concern by 38% of Financial Institutions, the second-highest response rate.
• “Preventing IT security breaches,” rated as a top concern by 29% of all businesses, was rated at 30% by Financial Institutions, again the second-highest response rate for this task.
• “Ensuring continuity of service for business-critical systems,” cited as a top concern by 23% of businesses overall, was cited by 26% of Financial Institutions, again the second-highest response rate for this task.
Other Differences (And Occasional Similarities) in Attitudes
These differences in attitudes towards the security of financial information were evident in other questions as well. When asked “What type of data loss would be most potentially damaging,” unsurprisingly, Financial Institutions gave “financial information” the second-highest rating of any business segment at 24%, while e-Commerce gave this response only a 7% response rate. When all the responses were added up, the survey found that 37% of Financial Institutions rated any sort of internal or customer financial data as the most damaging type of data they could possibly lose, the highest response rate of all business segments. Once again, e-Commerce lagged behind at 21%, the second-lowest.
An interesting convergence of opinions occurred around responses less focused on financial information and more focused on customer information in general. Losing “customer/client information” was ranked as highly-damaging by 29% of Financial Institutions, and this time, e-Commerce wasn’t as far behind at 21%. But by far, the biggest divergence on this question involved the importance of intellectual property. E-Commerce businesses rated “intellectual property” and “market intelligence/competitive intelligence” as the two types of data they fear losing the most, and rated these higher than any other segment at 21% and 18%, respectively. In comparison, “intellectual property” was rated as data they “most feared” losing by only 7% of Financial Services businesses, with “market intelligence/competitive intelligence” at 9%.
When tasked with managing service outages caused by DDoS attacks, Financial Institutions and e-Commerce have more in common than their attitudes may suggest. As noted previously, Financial Institutions rate DDoS attacks as a much higher source of concern than e-Commerce businesses. But according to Kaspersky Lab’s survey, e-Commerce and Financial Institutions are two sectors that are most highly targeted by DDoS attacks – 44% of e-Commerce businesses reported a DDoS attack in the previous 12 months, along with 39% of Financial Institutions. When it comes to suffering negative consequences from DDoS attacks, these two sectors have more in common than they think.
Comprehensive Protection for Specialized Industries
While businesses in the Financial Institution segment clearly show a firmer commitment to data security than their e-Commerce counterparts, both segments can benefit from a renewed focus on service continuation planning, and e-Commerce businesses should take the opportunity to bolster their overall security posture as well.
The Kaspersky Fraud Prevention platform, introduced by Kaspersky Lab earlier in 2014, is designed specifically for banks, payment systems and e-commerce companies. It allows for specialized monitoring and advanced protection on the servers of the business, as well as coordinated security agents operating on the desktops of the business’ customers, combined to ensure a secure transaction and protection of financial data once stored.
To prevent service disruption caused by DDoS attacks, Kaspersky DDoS Protection is now being introduced in selected global markets. To learn more about Kaspersky Lab’s anti-DDoS technologies, please visit our solution homepage.
Kaspersky Endpoint Security for Business leverages the real-time data and analysis obtained by the company’s security experts, who designed this suite specifically to thwart targeted attacks and software exploits. To learn more about how Kaspersky Lab blocks previously-unknown “zero day” software exploits, phishing attacks, and sophisticated polymorphic malware, visit the company’s Internet Security Center for information about targeted attacks.