[Excerpted from Making the Business Case: Security Outsourcing in Financial Services, a new report published today in Dark Reading's Security Services Tech Center.]
Financial services institutions are the largest targets for fraudsters and organized crime. In an environment of budget cuts and layoffs, these organizations are looking for help -- and they're turning to outsourced security providers.
The threats are not new, and yet as a whole, the financial services industry has failed to stem the tide of financial crime perpetrated as a result of ineffectual security architectures that expose sensitive corporate and customer data. A new report from Dark Reading explores the evolving threats to financial services institutions and the technology strategies for preventing security incidents.
Despite the delicate nature of financial services institutions' security operations, many are seeking the expertise of outsourced security providers, including Internet and network service providers, full-service IT outsourcers, and managed security services and software-as-a-service providers.
Interestingly, even in the midst of a global economic downturn, financial services spending on risk management technologies is increasing. TowerGroup estimates global spending on risk management technologies, of which security is a part, at $24 billion in 2009. That number is expected to rise at a compound annual growth rate of more than 6 percent to $30 billion in 2012. Risk management, says TowerGroup, represents almost 7 percent of global spending on all technology in the financial services industry.
Even so, financial services institutions continue to be victimized by threats internal and external from criminals in search of sensitive information to sell on the black market. The first half of 2009 saw big names, such as the Federal Reserve Bank of New York, CheckFree Corp., and Merrill Lynch, end up in the headlines due to data breaches.
While techniques that exploit vulnerabilities in an individual channel such as phishing and pharming are still popular, financial criminals are now using these techniques in combination with social engineering to gather valuable data across multiple channels to commit cross-channel fraud. As the criminals get smarter and their attacks become more complex, so must security officers respond with improved prevention technology.
Threats to sensitive data, be it customer records, employee information, or corporate intellectual property, now come from so many different directions that they demand a multitiered risk management framework. The report explores the different types of security vendors and how they apply to different sized financial firms -- from Internet and network service providers to managed security service providers and full service security suites.
As important as security technologies are to preventing the loss of sensitive data, Dark Reading also recommends in its report the application of a business intelligence framework to lend transparency to security operations and to turn data into actionable intelligence.
While a security suite will gather information from a variety of different channels, products, users, and other business systems, the key is not just accumulating these mounds of data, but having a way to see through it all and expose the true threats to your business. A combination of predictive analytics, business intelligence tools, knowledge management, customer intelligence, and intelligent delivery will ensure an ROI on security outsourcing solutions.
But the many different security offerings available to a financial services provider can be overwhelming. Making sense of it all requires an understanding of the threats to the business and the appropriate response. To find out more about the threats to your institution and what you can do about them, download the full report from the Dark Reading Security Services Tech Center.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.