OREANDA-NEWS. November 16, 2015.  According to the latest Kaspersky Lab and B2B International IT Security Risks Survey, 60% of businesses have experienced at least one IT security incident which led directly to, or related to, financial fraud. The global survey of more than 5,500 company executives and professionals from 26 countries also found that direct money loss due to cyberattacks is a major topic on a business’s cybersecurity agenda, with the importance of mitigating the risk of fraud on par with major issues such as malware attacks and data leakage. While this awareness is promising, the survey also indicates that online fraud is perceived as complex and hard to prevent even by the banks themselves. The survey found that businesses struggle to separate fraudulent actions from legitimate ones and are yet to decide who is responsible for attack mitigation and response.

Main findings

  • 47% of businesses feel they need to improve their protection of financial transactions.
  • 27% of businesses carry out financial transactions using a mobile device. 59% use Wi-Fi.
  • 72% of companies are looking for a financial services provider with a stronger security reputation.
  • Financial organizations themselves are yet to come up with a uniform approach on who is actually responsible for fraudulent actions against their customers. Popular options are: Banks’ IT Department, Senior Management, Security Department, or even Police or Government.

Lack of a uniform approach

The Corporate IT Security Risks survey confirms that online financial fraud is one of the most sensitive topics for businesses. Other types of cybersecurity breaches, even the most dangerous ones such as cyberespionage, may still provide enough time to mitigate risk. However, a loss of money affects operations and reputation almost immediately. At the same time, we observed that the perception of online fraud is sometimes far from realistic or uniform. Businesses have yet to decide upon who has the ultimate responsibility for the prevention of such attacks. The scope of solutions aimed at securing financial transactions of any type is also not well defined. Some companies rely on banks, some use third-party solutions in-house or develop their own routines, and some haven’t yet fully implemented a fraud prevention solution at all.

“Financial cyberattacks are evolving into sophisticated, state-of-the-art campaigns,” said Ross Hogan, Global Head of the Fraud Prevention Division at Kaspersky Lab. “Unfortunately, too many businesses are a step behind cybercriminals and are not doing enough to improve their protection against fraud. When a weak cybersecurity strategy is faced with the current sophisticated cyberattacks, financial loss becomes inevitable; however, this does not have to be the case. By implementing a comprehensive fraud prevention strategy, businesses are able to provide a secure environment for their customers to conduct various online payment methods used today.”