Financial firms hit by internal attacks

But they're getting better at fighting external threats...

By Dan Ilett

Published: 29 June 2005 11:09 GMT

Financial services firms are facing more internal security breaches than external hacking and virus attacks, according to consultancy firm Deloitte.

Overall, the company's 2005 Global Security Survey found that security officers are doing a better job of defending their companies. Less than a third (28 per cent) of respondents experienced an IT security breach in the last 12 months, a fall of 55 per cent since last year.

Although finance companies have seen fewer external attacks, internal breaches more than doubled from 14 per cent last year to 35 per cent this year.

Mike Maddison, director of security services at Deloitte, said: "Financial institutions have dramatically reduced the number of external attacks by protecting themselves with antivirus software and content filtering, particularly at the perimeter of their networks.

"There's been an emphasis for some time on the never-ending battle to secure the corporate perimeter. As a result technological loopholes are being closed but the hackers' tactics have now shifted towards manipulating human behaviour as we've seen from the explosion in phishing attacks."

Of the 100 senior security officers at financial firms surveyed, 65 said they had trained employees to identify suspicious activity, but only six per cent did this at staff inductions. Less than half (46 per cent) said they had awareness initiatives for employees scheduled for the next 12 months. The survey found that, when it comes to security spending, 64 per cent of the budget is spent on technology compared to 15 per cent for employee awareness and training.

Almost three-quarters of respondents outsource at least one IT job, but around one in three fails to conduct regular assessments of the outsourcer's compliance credentials.

Maddison added: "I think that the proportion of internal attacks has increased more than we'd expected. Again, this comes down to making sure you properly vet staff, your patching is up to date, and antivirus is deployed effectively."
