A lack of comprehensive, practical, real-world cybersecurity testing is leaving gaps in the defense of major companies.
A new report from Accenture, Building Confidence: Solving Banking’s Cybersecurity Conundrum, found that 78% of executives surveyed expressed confidence in their overall cybersecurity strategy, with more than half the respondents indicating high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event (cited by 51%, 51% and 50%, respectively).
However, the analysis also points to ongoing security challenges for banks. For example, in addition to the many phishing, malware and penetration attacks that banks around the world receive each day, respondents reported that their banks had experienced, on average, 85 serious attempted cyber breaches each year. Of these, about one-third were successful, that is, at least some information was obtained through the breach. In these instances, it took 59% of banks several months to detect breaches that occurred.
Additionally, nearly half of respondents cited internal breaches as having the greatest cybersecurity impact and 52% indicated a lack of confidence in their organization’s ability to detect a breach through internal monitoring.
While banks’ security teams detected a high number of each company’s breaches, virtually all respondents said they learned about the remainder of the breaches from their own employees, pointing to the critical importance of establishing strong awareness, strengthening internal training programs and establishing effective internal escalation processes.
According to the report, developing and implementing the right governance model to drive a holistic approach to cybersecurity is critically important in strengthening a firm’s external and internal defense capabilities. Developing effective capabilities should be driven by a two-pronged strategy: focused cybersecurity assessments on one hand and comprehensive testing on the other.
The research also points to several areas where respondents foresee a significant skills shortage, including end-point / network security, incident response and vulnerability management (cited by 61%, 53% and 53%, respectively).