9/22/2014
12:00 PM
Dark Reading
Products and Releases

New Federal Regulations on Cyber Security Lead to Revenue Loss, Business Disruption and Loss of Productivity in Financial Services Sector, Radware Survey Finds

New survey published.

Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, released a new survey which finds that even though 87 percent of those surveyed in the financial services industry agree that current regulatory changes are very important or critical to keeping their companies and industry secure, these new federal guidelines are having an adverse impact on their businesses.

Survey respondents revealed that revenue loss (58 percent), business disruption (57 percent) and productivity loss (54 percent) ranked highly as the biggest consequences of new federal guidelines for the financial services sector. Four in ten respondents stated that federal regulations were adversely affecting bottom line results, causing a significant impact to IT CAPEX and OPEX. The survey also uncovered that while nearly all claim to be very or somewhat familiar with new guidelines, a substantial number, both in financial services and other industries, are still unaware of the specific regulations that would impact their business such as the Federal Financial Institutions Examination Council (FFIEC) Joint Statement on DDoS Cyber Attacks and Risk Mitigation.

Radware commissioned an in-depth survey from IDG Research Services, a leader in technology and media research, to gauge how changes to federal guidelines regarding application and network security have impacted medium to large businesses in the United States. Chief among the respondents were CIO/CTOs representing the financial services industry with global annual sales of $5 billion or more.

“Radware conducted this survey to investigate what organizations are doing in response to current regulatory changes that essentially were enacted to safe-proof their networks from future, potentially even more detrimental attacks,” said Carl Herberger, vice president of security solutions for Radware. “While companies are taking the right steps to adjust to the ever-changing regulatory landscape, institutions need to be better informed on the specifics of new laws in order to implement the most cost- and resource-efficient measures.”

To manage new guidelines, respondents cited investing in new or specialized technologies as the most common current approach (53 percent), followed by changing security processes, protocols and mandates (49 percent) and creating new security models (47 percent). 43 percent said they assigned extra budgets, with an average increase of 14 percent to address new federal regulations.

“Companies are implementing numerous strategic changes in order to remain compliant with new regulations and guidelines,” says Janet King, senior vice president, IDG Research Services. “Despite the significant cost to their businesses, most respondents agree that regulatory changes are critical in keeping data and personal information safe from the wrong hands.”

Results also show that escalated expenditures and resources were not the only concern. 86 percent of financial services respondents are more concerned about the possibility of cyber-attacks than non-financial organizations, and yet a third believe their businesses are ill-prepared to safeguard against them.

A small number of respondents (eight percent) stated their business does not have a strategy for protecting against distributed denial of service (DDoS) attacks, a common attack vector employed by hackers.

“It is imperative that companies, not just the financial services industry, do everything in their means to not only mitigate cyber threats, but also to comply with emerging industry regulations in order to optimally protect their networks, applications and data – and most importantly, their customers,” added Herberger. “Although these responses quantify the growing importance of network security and indicate a clear desire for regulation, there is still more needed to be done in terms of cyber security education and implementation across all industries. By learning from other industries and working with peers, companies can implement technology and protocols that reduce the risk of a cyber attack while limiting the impact to their bottom lines.”

Other key findings from Radware and IDG’s latest survey include:

· Unauthorized access (48 percent), theft of IP (47 percent), sabotage (47 percent), and worm and virus damage (46 percent) are the most harmful attacks to the business
· Loss of revenue (39 percent) tops the list of negative outcomes resulting from a cyber attack, followed by loss of customers (38 percent)
· 63 percent of respondents indicated a willingness to adopt application and network security best practices from another industry
· 80 percent of respondents place a critical or very high degree of importance on the federal government imposing stricter regulations around application and network security
· 84 percent expect network and applications security to be more tightly regulated by the government over the next 12 months
· 35 percent expect the frequency of cyber attacks to increase over the next year, while 44 percent anticipate the number of attacks to remain the same
· 58 percent of survey respondents have filled out a Securities and Exchange Commission questionnaire for compliance in the past 12 months

To access the survey findings, including methodology and research objectives, please visit: http://www.radware.com/idg-2014/

THIS PRESS RELEASE AND THE IDG SURVEY ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT OR FUTURE PERIOD.

About Radware

Radware (NASDAQ: RDWR) is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.

Radware encourages you to join our community and follow us on: Facebook, Google+, LinkedIn, Radware Blog, SlideShare, Twitter, YouTube, Radware Connect app for iPhone® and our security center DDoSWarriors.com that provides a comprehensive analysis on DDoS attack tools, trends and threats.

About IDG Research Services

IDG Research Services specializes in marketing and media-related research for technology marketers. As a division of International Data Group (IDG), the world's leading technology media, research, and event company, IDG Research Services brings the resources and experience of a large, global company to its clients in the form of a small, customer-focused business. For more information please visit our website.

©2014 Radware, Ltd. All rights reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of their respective owners.


This press release may contain statements concerning Radware's future prospects that are "forward-looking statements" under the Private Securities Litigation Reform Act of 1995. Statements preceded by, followed by, or that otherwise include the words "believes", "expects", "anticipates", "intends", "estimates", "plans", and similar expressions or future or conditional verbs such as "will", "should", "would", "may" and "could" are generally forward-looking in nature and not historical facts. These statements are based on current expectations and projections that involve a number of risks and uncertainties. There can be no assurance that future results will be achieved, and actual results could differ materially from forecasts and estimates. These risks and uncertainties, as well as others, are discussed in greater detail in Radware's Annual Report on Form 20-F and Radware's other filings with the Securities and Exchange Commission. Forward-looking statements speak only as of the date on which they are made and Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware's public filings are available from the Securities and Exchange Commission's website at www.sec.gov or may be obtained on Radware's website at www.radware.com.

 

 
