Financial services companies have always been a popular target for cybercriminals, according to cybersecurity experts at ESET, and for good reason, because they handle a lot of confidential customer data as well as money that criminals can use for various scams or sell in online black markets: Verizon The financial sector experienced more than 1,500 incidents in the last year alone, including 448 confirmed data thefts.
According to ESET experts, who handle business and home security software solutions worldwide, Sicontact Kft. , a Hungarian software distributor dealing with IT security, there are many reasons why companies are constantly struggling to create the right cybersecurity conditions.
One reason is that there are not enough cybersecurity professionals: although communication shows that for the first time in years, the cybersecurity labor shortage is on a downward trend, Globally, there are still 3.12 million professionals short of what is needed. To fill the global skills shortage, employment must increase by 41 percent in the United States and 89 percent worldwide.
Another advantage is that companies’ budgets are not sufficient to combat cyberthreats. In a survey by consulting firm EY, 87 percent of organizations surveyed responded that they did not have enough money to achieve the desired level of cybersecurity and resiliency. Due to lack of resources, companies cannot employ enough professionals or put in place technical measures that will make them resilient in the face of various threats.
Another common mistake companies make is overestimating their cybersecurity measures. Although they may think they are ready for everything, they may never be sure that the best vulnerability management guidelines are applied, and in many cases they don’t do everything against a serious vulnerability, and it may not take months to fix a published bug.
Another common reason that undermines corporate security is that employees do not receive adequate cybersecurity training: working remotely, for example, has increased the risk of employees downloading malware or releasing their credentials as a result of a scam. According to a study by the Ponemon Institute, although the number of cyber-attacks, phishing, and human-based social engineering attacks discovered by companies has also jumped, 24 percent of respondents felt that their organizations did not provide them with adequate training on the risks of remote work. : More than half of them do not have a safety policy for remote workers.
According to the analysis, one of the reasons is that Companies undervalue cybersecurity and instead invest in other areas they consider more worthwhile, such as financing expansion or developing new products. They argue that the costs outweigh the benefits, for example, the financial effects of cybersecurity measures outweigh the potential losses from data breaches. While the penalties and potential losses may be lower in the short term, the deterioration of the company’s reputation can lead to a greater loss in the long term, including loss of customer confidence, which also harms revenue sources. In addition, during the attack, cybercriminals can gain access to the intellectual property, which they can then sell on the dark web along with customer data, they wrote.