by Michael Crawford
JULY 15, 2005
SYDNEY -- Recent data losses at financial institutions has increased
industry concerns about unauthorized access, according to Deloitte's
2005 Global Security Survey released this week.
The survey of global financial institutions found a 21% increase over
last year in concerns about unauthorized access to personal
information. It was rated an area of concern by 83% of all
Kevin Shaw, Deloitte security service Asia Pacific leader, said the
high level of fear reflected the fact that breaches of customer
privacy had the potential to undermine trust in financial institutions
at a most fundamental level.
"There is a lot of focus now on addressing these issues, but storage
of credit card numbers is a process of policy and procedure. The
CardSystems breach was a result of failure by [the company] to follow
its own policy and it was using the data in ways it should not have
when it got hacked; there isn't a technical solution for this," Shaw
"The growth in external attacks has slowed because financial
institutions have become far more effective at deploying technological
defenses such as intrusion detection, antivirus solutions and content
filtering and monitoring, which means criminals have shifted their
focus from technology attacks to human behavior and gaps in policy
enforcement and governance.
"They now prey on staff in financial institutions and their customers
and any weakness they can find in human behavior."
Shaw said Australian banks are performing well by global standards,
particularly with staff training and threat awareness.
However, financial institutions worldwide are struggling to keep pace
with the changing nature of IT security attacks.
Shaw said the role of a chief privacy officer is integral to combating
the security landscape.
"At a global level, only 49% of respondents had established the role
of chief privacy officer, although 5% acknowledged that they would
have one by the end of the year," Shaw said.
"In Australia, most of the large financial institutions indicate they
have some form of a privacy officer function. However, it is becoming
increasingly critical that they consider an investment in a chief
privacy officer with appropriate funding and authority."
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 -
2,000+ international security experts,
10 tracks, no vendor pitches.