Prevention is better than cure, even in cybersecurity.
Kaspersky Lab says financial companies should focus more on preventing cyber threats rather than being prepared to mitigate its possible impact to businesses’ networks and data.
This is after a survey conducted by Kaspersky Lab, in cooperation with B2B International, found that about half of banks and payment systems prefer to handle cyberincidents when they happen, rather than invest into tools with which to prevent them.
“Relying solely on mitigating the negative consequences of fraud is similar to trying to treat the symptoms of an illness rather than its root cause. The symptoms will recur, and the illness will progress. In this respect, Kaspersky Lab recommends that you do not forget how important prevention is,” said Ross Hogan, Global Head of the Fraud Prevention Division at Kaspersky Lab.
The survey titled IT Security Risks Survey 2015 was done among company representatives to find out their attitudes towards information security, including financial companies’ policies towards protection from online fraud.
The survey involved more than 5,000 company representatives, including 131 banks’ and payment services’ representatives, from 26 countries.
During the survey, 48% of financial organizations said they take measures to protect their clients from online fraud, aiming at mitigating the consequences rather than preventing incidents entirely.
Moreover, 29% of companies believe it is cheaper and more effective to address cases of fraud as they occur, rather than to attempt to prevent them.
According to the responses given by the surveyed bank representatives and payment service operators, whenever a cyberfraud incident involving a client’s account occurs, only 41% of organizations necessarily take measures to prevent such an incident from re-occurring in the future. 36% of companies conduct an analysis of the vulnerability exploited in the attack, and 38% compensate the losses.
The most popular policy among companies is to try to find out who was behind the attack: two thirds (66%) of financial organizations do this.
“Many of the world’s leading banks have acknowledged this and have implemented ‘root cause fraud prevention’, but alarmingly many still rely on ‘reactive fraud detection’.“Each year, cybercriminals invent more and more sophisticated methods of attack, and if the banks do not have preventive measures in place, it enables further growth in the numbers of financial cybercrime and increased losses,” Hogan added.
Kaspersky Lab’s experts recommend that banks and payment services use comprehensive online fraud protection methods to protect the bank’s clients at several levels.
One such method is the Kaspersky Fraud Prevention platform which includes threat control tools installed on client devices, as well as the server component located within the bank’s information infrastructure.
Through the special code imbedded into the bank’s web-page, this component can remotely detect a client device infection. See this document to learn more about this platform’s operation principles.