U.S. Financial Institutions Remain Highly Susceptible to Hackers
NEW YORK – October 24th, 2017 --SecurityScorecard, the leader in security ratings, today released its 2017 FinancialCybersecurity Report. This comprehensive analysis explores cybersecurity vulnerabilities across 2,924 U.S. financial institutions including FDIC-insured banks, credit unions, investment banks, and other financial firms and compared results to other sectors. The financial industry placed third in cybersecurity performance out of 18 of the U.S. economy’s primary industries.
Among the report’s findings are the following observations:
- Despite having an overall high score as an industry, financial institutions (10%) still fall victim to breaches more than companies in the telecommunications (3%), transportation (2%), food (1%), manufacturing (1%), and pharmaceutical (1%) sectors combined.
- Forty-five percent of the financial firms scanned had at least one malware event between March and August 2017, a proof point that hackers frequently target the financial industry.
- The financial industry has difficulty maintaining third-party security risks that arise from the availability of leaked credentials and exposed passwords, as well as risks of social engineering posed by spear phishing and social network use with corporate email addresses.
- Only 25 percent of the top 20 FDIC-insured banks received an ‘A’ grade in DNS Health.
“The recent Equifax breach serves as a reminder that financial institutions, in particular, are businesses that are based on trust,” said Sam Kassoumeh, COO and Co-Founder of SecurityScorecard. “With customers becoming more informed on cybersecurity risks, it’s imperative for financial institutions to develop and maintain risk mitigation practices that foster good cybersecurity hygiene.”
The conclusions and rankings featured in the report are based on data derived from SecurityScorecard’s patented security ratings platform. Each U.S. financial organization was evaluated based on their overall security posture and security reaction time compared to their industry peers. The SecurityScorecard platform analyzes ten risk factors. Within each factor are unique data points scored and weighted to determine an overall factor grade. Each factor grade is then appropriately weighted and used to calculate an organization’s overall rating. The analysis provides details on the data breaches as part of a holistic view on the financial industry’s vulnerability to attacks.
For more information about these findings, download the full report. To receive a free SecurityScorecard assessment and consultation for your business, visit instant.securityscorecard.com.
Headquartered in the heart of New York City, SecurityScorecard’s vision is to help security professionals work collaboratively to solve mission-critical, cybersecurity issues in a transparent way. The company was founded in late 2013 by Dr. Aleksandr Yampolskiy and Sam Kassoumeh, two former cybersecurity practitioners who had served, respectively, as Chief Information Security Officer and Head of Security & Compliance. With cloud solutions becoming an increasingly integral part of the security technology stack, Yampolskiy and Kassoumeh recognized the need to address 3rd and 4th party risk as well as better understand the security capabilities of their business partners. Since its founding, the company has grown dramatically and now counts hundreds of leading brands as customers. SecurityScorecard is backed by leading venture capital investors including Sequoia Capital, GV, and Nokia Growth Partners among others. For more information, visit www.securityscorecard.com.