Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

Where Should Finance Companies Invest Their Security Budgets in 2016?

As the world of finance looks back on a rough year of cybercrime in 2015, it is also looking ahead to which types of investments it needs to make to avoid a similar fate this year.

According to one study, financial services firms are hit by security incidents 300 times more frequently than other businesses. The 2015 Trustwave Global Security Report found that the finance industry is being targeted heavily by hackers, bested only by retail, beverage and hospitality.

None of this is necessarily surprising considering the valuable personal data and intellectual property handled and stored by these companies. Still, somewhere along the way, an industry that many believed to be the most security-mature all of seems to have lost its way, especially once you move away from the largest players and toward small and midsize firms - many of which lack the necessary in-house security skills and other resources to remain protected.

But with heightened threats, increased risks and tougher regulations, even some of the world's largest banks have already committed to accelerated timelines and security investments on a mammoth scale. As a result, professional services firm PricewaterhouseCoopers projects financial service businesses will increase their cybersecurity spending by $2 billion over the next 24 months, and the U.S. government predicts that the finance market will be the fastest-growing non-government cybersecurity market over the next four years.

The question, then, is which solutions will see increased investments and where should finance firms focus their efforts for the greatest return? The answer could serve as a major indicator of where other industries will spend their security dollars. After all, where the big banks set the trend, others often follow.

Generally speaking, preventative technologies still top the list. But encouragingly, companies are placing increased importance on solutions and managed services that help monitor, detect and respond to threats and cyberattacks.

Early Detection Should Be Your Next Priority

Spotting an incident early is essential for businesses to protect themselves from the fiercely clever malware designed specifically to obfuscate and control systems in the finance sector.

Early detection and appropriate response can mean the difference between data protection and data loss amounting to millions. If you thought your systems were capable of detecting a breach quickly and you had a proper plan in place to respond to an incident, check again. Trustwave discovered that 81 percent of victims failed to detect a breach themselves and that it took a median of 111 days from detection to containment - stretching to 4 ½ years in some cases. The sooner a company can detect and react to a threat, attack or compromise, the fewer repercussions - including costs - it will face. And for an industry that whose currency is money, money, money, that's something that financial firms can surely get behind.

Visit here to learn how Trustwave can help financial firms of all sizes take back their security.

Jane Dotensko is Trustwave marketing manager in EMEA.