Computerworld Australia - SYDNEY -- Recent data losses at financial institutions have increased industry concerns about unauthorized access, according to Deloitte's 2005 Global Security Survey.
The survey of global financial institutions found a 21% increase over last year in concerns about unauthorized access to personal information. It was rated an area of concern by 83% of all respondents.
Kevin Shaw, Deloitte security service Asia Pacific leader, said the high level of fear reflected the fact that breaches of customer privacy had the potential to undermine trust in financial institutions at a most fundamental level.
"There is a lot of focus now on addressing these issues, but storage of credit card numbers is a process of policy and procedure. The CardSystems breach was a result of failure by [the company] to follow its own policy and it was using the data in ways it should not have when it got hacked; there isn't a technical solution for this," Shaw said.
"The growth in external attacks has slowed because financial institutions have become far more effective at deploying technological defenses such as intrusion detection, antivirus solutions and content filtering and monitoring, which means criminals have shifted their focus from technology attacks to human behavior and gaps in policy enforcement and governance.
"They now prey on staff in financial institutions and their customers and any weakness they can find in human behavior."
Shaw said Australian banks are performing well by global standards, particularly with staff training and threat awareness.
However, financial institutions worldwide are struggling to keep pace with the changing nature of IT security attacks.
Shaw said the role of a chief privacy officer is integral to combating the security landscape.
"At a global level, only 49% of respondents had established the role of chief privacy officer, although 5% acknowledged that they would have one by the end of the year," Shaw said.
"In Australia, most of the large financial institutions indicate they have some form of a privacy officer function. However, it is becoming increasingly critical that they consider an investment in a chief privacy officer with appropriate funding and authority."
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts