The Fraud Blog with Tracy Kitten

Electronic / Mobile Payments Fraud , Governance , Incident & Breach Response

Breaches: Why Are U.S. Banks, Retailers Frequent Targets?

Verizon Report Finds These Sectors Had the the Most Incidents
Breaches: Why Are U.S. Banks, Retailers Frequent Targets?

The U.S. financial services and retail sectors had more data breaches in 2015 than any other business sectors worldwide, according to Verizon's 2016 Data Breach Investigations report. Despite continued efforts to shore up security to protect payment card data and other financial information, these two sectors are still the frequent targets of hackers, the report finds.

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

The two U.S. sectors reported a total of 1,165 security incidents in 2015, of which 441 resulted in breaches, Verizon reports.

"The U.S. is the primary target because the U.S. economy and its supporting systems are so vast, open, competitive and relatively 'rich'." 

Why were there so many breaches reported in these two sectors, compared with others worldwide? Well, it could be that U.S. businesses are more likely to report breaches than those in other parts of the world, where breach notification requirements are less stringent. Or, it could be that these U.S. sectors are targeted because they have so much information that hackers want, says Tom Kellermann, CEO of security firm Strategic Cyber Venture.

"They are targeted more often as cybercriminals recognize that money is digital and more traditional criminals are becoming cyber-enabled due to the widely available exploit kits," he adds.

Avivah Litan, a financial fraud expert who's an analyst at the consultancy Gartner, sums it up this way: "The U.S. is the primary target because the U.S. economy and its supporting systems are so vast, open, competitive and relatively 'rich' - there are lots of assets, information and money to be stolen. And the U.S. has more stringent disclosure laws than other countries do."

Shoring Up Security

In an interview with my colleague Mat Schwartz, Laurance Dine, managing principal the investigative response team at Verizon Enterprise Solutions says hackers are still successfully penetrating banks' and retailers' networks.

"We are seeing improvements in security in moving money on the financial industry side, and retail is getting better, too," Dine says. "Based on the investigations I'm doing, we are seeing better security around the crown jewels, but we're still seeing [hackers] getting into those environments."

One critical issue, Dine says, is that too many employees have access to too much data. "That's kind of what we're trying to build awareness around - people having access to data that they don't necessarily need," he says.

Dine says organizations need to make breach prevention training more of a priority, so that employees understand that they are the "first line of defense."

One encouraging finding in the latest report from Verizon is that the financial services industry, and increasingly the retail sector, is investing more in fraud and breach detection systems that are helping them detect incidents sooner. And the sooner an incident is detected, the more quickly risks associated with it can be mitigated.

If banks and retailers can detect incidents sooner, and share more critical and timely information with peers and law enforcement about the types of attacks that are being waged, then the risks associated with those attacks can be promptly mitigated.



About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.