About half the e‑commerce/online retail businesses and about 40% financial services organizations surveyed by IT security firm Kasperky Lab over a year-long period have reported losing some type of finance-related information to cybercriminal activities.
The survey also notes that a fairly high, i.e. 53% of the businesses don’t have immediate plans to plug the loopholes and make customer data safe. Besides, nearly 30% of the organizations did not want to invest in financial security even through financial information was stolen from their database, the survey found. Both e‑commerce and financial services businesses depend on their abilities to receive, process and store sensitive financial information of customers.
Through a combination of targeted attacks, application vulnerabilities and other forms of cyber attacks, almost half of businesses in both sectors will lose some of this information over the course of a year. Such a loss will not only damage the reputations of these firms, which are highly dependent on trust, but can also trigger costly legal penalties and removal or clean up costs.
The survey, however, found that while these two segments share these similarities, their attitude towards security technology are markedly different. Only 53% of the e‑commerce/online retail segment indicated that they make every effort to keep anti-fraud measures up to date. This is 10% lower than the overall global average, and the lowest overall of any business segment.
On the other hand, the financial services segment takes a more positive and proactive approach towards securing their financial data, the survey found, as 64% of financial services providers said they make every effort to keep anti-fraud measures up to date. What’s more serious is only 71% of financial services businesses and 62% for e‑commerce/online retailers have adopted specialized fraud protection for endpoints following a data breach. These numbers show that approximately one-third of companies in both sectors are still not investing in financial security software, even after financial information is stolen from them in a data breach incident.
Since the entire business model of online merchants is based on online and electronic payment processing, this reluctance to invest in anti-fraud measures seems highly counter-intuitive, the survey has noted. “In general, the least-common step taken by both financial service providers and e‑commerce/online retailers following a data breach was to provide free or discounted versions of premium internet security software to their customers. It would appear that both sectors are more willing to invest in securing their own systems, rather than investing in securing their customers’ systems,” the survey said.
Stefan Tanase, senior security researcher at Kaspersky Lab, told ToI, “.… The cyber threats grow not only in numbers, but in sophistication as well which illustrate the level of skills cybercriminals already have at their disposal. Combined together, it is true to say that no online shop or online payment system is 100% safe. This doesn’t necessarily mean that they or their users will always lose money but protection of user credentials and protection of transaction on client’s side is something that is often overlooked, resulting in a much higher frequency of fraud incidents with phishing and malicious software activity on users’ devices.”
BOX
For graphic
- 48% of e‑commerce/online retail businesses and 41% of financial services organizations lose some type of finance-related information to cyber criminals
- 53% of these businesses don’t have immediate plans to plug the loopholes and make customer data safe
- Only 71% of financial services businesses and 62% of e‑commerce retailers have adopted specialized fraud protection for endpoints following a data breach
Source: Times of India