Whitepaper

Internet - Threats, Risk Mitigation and Reputation Strategies
“The other side of the Coin”

Authored by:
Michael M. Kiefer, Senior Vice President
BD-BrandProtect

With insights from Susan Orr (www.susanorrconsulting.com), a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

It’s more than just reactively preventing unauthorized access to your data and meeting regulatory requirements; it’s also about taking proactive steps to preserve your online reputation.

INTRODUCTION

Over the last several years, financial institutions have spent billions of dollars and resources securing a perimeter defense system consisting of intrusion detection, intrusion prevention, firewalls, user authentication, and other layers of security all built to secure their financial systems. Due to the exponential increase in internal and external information security incidents, these investments are necessary to protect an institution’s reputation and revenue. In addition, the federal government is using regulatory means to ensure the banks take responsibility for potential losses.

Of equal or even greater threat, however, are the social aspects of the Internet that cannot be controlled. For example, financial institutions need to be aware of the reputational risk that is inherent on the Internet. Each institution needs to do more than reactively protect its data; it must also proactively safeguard its reputation online, where references to its corporate name alone can number in the millions. An institution must also guard against infringement of its logo, its trademarks or other graphic representations. This risk, outside the firewall, is the other side of the coin.

Given that criminals always go after the weakest link, layered security should be required – for both internal and external threats. Online customers with multi-use home systems are easily compromised and are now used either to attack institutions or to harvest personal identities and/or online accounts. Years ago, it was easy for an organization to see its brand being used locally in the yellow pages, on community signage or in an advertisement. To address the issue, the organization simply called the offending company and asked it to stop using the brand. Compliance was typically immediate. Today, however, it’s not easy for an organization to find a Web site in China or Eastern Europe that is fraudulently using its logo, sending out e-mail messages and purportedly offering services that unsuspecting consumers believe are being offered by their trusted institution.

Over the last several years, the number of ‘phishing’ attacks on smaller financial institutions has escalated as the big institutions get better at fighting back. Still, they both have their customers and their access devices located outside the multi-billion dollar security perimeter. Yet, 90 per cent of security budgets are dedicated to building and maintaining this perimeter while only 10 per cent is allocated to external threats, including the protection of an institution’s online reputation. Would it not make sense to rethink this balance of spend in preventing both types of threats to security, given that criminals have moved to social engineering means?

TYPES OF THREATS

Most attacks on a financial institution’s Web site are referred to as phishing, which describes any attempt to criminally and fraudulently acquire sensitive information such as user names, passwords and credit card details. This typically happens by masquerading as a trustworthy electronic entity such as a Web site. Two things have to transpire: first, an alternate Web site has to be created, and second, an e-mail has to be sent with a link to that site. Newspapers are full of stories where this tactic has led to stolen account passwords and credit card numbers, and ultimately, unrecoverable financial loss. This risk is social engineering in nature: it tricks customers into giving up their confidential data. It is much easier to trick customers than to break into an institution, given all the money spent on its perimeter.

© BDProtect Inc. 2008