{"id":4477,"date":"2015-08-31T16:15:55","date_gmt":"2015-08-31T16:15:55","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=4477"},"modified":"2019-11-15T13:56:39","modified_gmt":"2019-11-15T11:56:39","slug":"it-security-risks-survey-cyberfraud-report-mitigation-vs-prevention","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/it-security-risks-survey-cyberfraud-report-mitigation-vs-prevention\/4477\/","title":{"rendered":"IT Security Risks Survey cyberfraud report: mitigation vs prevention"},"content":{"rendered":"<p>The results of the recent IT Security Risks Survey 2015, conducted by Kaspersky Lab and B2B International, show that half of banks and payment systems prefer to handle cyberincidents when they happen, rather than invest in tools with which to prevent them \u2013 despite the costs difference.\u00a0The survey involved more than 5,000 company representatives, including 131 banks\u2019 and payment services\u2019 representatives, from 26 countries.<\/p>\n<p><strong>A multifaceted question?<\/strong><\/p>\n<p>Mitigation vs. prevention, reactive vs. proactive is an old, semi-philosophical question of different approaches. Do they have equal merit? Is it better to clean up or to disallow the problem? The answer, as the survey mentioned above shows, isn\u2019t immediately obvious for the decision makers.<\/p>\n<p>It\u2019s a common wisdom that it costs more to repair the damage from an incident than to take preventive measures. Recovery sums tend to skyrocket, since aside from direct damages caused by an attack \u2013 be that an indiscreet malware incident, a targeted attack, a fraud incident or DDoS attack \u2013 there are extra costs of external expertise, reputational losses and, in some cases, fines and class action suits from disgruntled clients.<\/p>\n<p>Fraud is a particular problem for banks and payment services: It literally costs <a href=\"http:\/\/www.pymnts.com\/news\/2015\/2014-fraud-spike-cost-u-s-retailers-32-billion\/\" target=\"_blank\" rel=\"noopener nofollow\">billions to the financial world<\/a>, possibly\u00a0<a href=\"http:\/\/www.theguardian.com\/technology\/2013\/oct\/30\/online-fraud-costs-more-than-100-billion-dollars\" target=\"_blank\" rel=\"noopener nofollow\">hundreds of billions annually<\/a>.<\/p>\n<p>Single successful operations such as <a href=\"https:\/\/business.kaspersky.com\/the-great-bank-robbery-carbanak-apt\/3598\/\" target=\"_blank\" rel=\"noopener nofollow\">Carbanak <\/a>may cost billions alone, even though operation of that scope are few and far between. But altogether, cyberfraudsters are extremely active and it doesn\u2019t look like they are going to calm down any time soon.<\/p>\n<p>At the same time, banks and payment services tend to think that addressing particular cases is more cost effective than preventing them altogether.<\/p>\n<p><strong>Survey figures<\/strong><\/p>\n<p>During the survey, 48% of financial organizations said they take measures to protect their clients from online fraud, aiming at mitigating the consequences rather than preventing incidents entirely. Moreover, 29% of companies believe it is cheaper and more effective to address cases of fraud as they occur, rather than to attempt to prevent them.<\/p>\n<p>According to the responses given by the surveyed bank representatives and payment service operators, whenever a cyberfraud incident involving a client\u2019s account occurs, only 41% of organizations take measures to prevent such an incident from re-occurring in the future. 36% of companies conduct an analysis of the vulnerability exploited in the attack, and 38% compensate the losses \u2013 something that users in most cases expect them to do while doing little to protect themselves.<\/p>\n<p>The most popular policy among companies is to try to find out who was behind the attack: two thirds (66%) of financial organizations do this. The success rate isn\u2019t specified, but it\u2019s unlikely to be very high.<\/p>\n<p>The reactive approach, according to Ross Hogan, Global Head of the Fraud Prevention Division at Kaspersky Lab, is like \u201ctrying to treat the symptoms of an illness rather than its root cause. The symptoms will recur, and the illness will progress.\u201d<\/p>\n<p><strong>Kaspersky Fraud Prevention platform<\/strong><\/p>\n<p>Our Fraud Prevention platform is a comprehensive online fraud protection solution offered to banks in order to protect their clients at several levels. <a href=\"https:\/\/business.kaspersky.com\/kaspersky-fraud-prevention\/1493\/\" target=\"_blank\" rel=\"noopener nofollow\">Presented last year<\/a>, it includes threat control tools installed on client devices, as well as the server component located within the bank\u2019s information infrastructure. Through the special code embedded into the bank\u2019s web-page, this component can remotely detect a client device infection. In <a href=\"http:\/\/media.kaspersky.com\/pdf\/Kaspersky_Lab_Whitepaper-kfp-platfrom_ENG_final.pdf\" target=\"_blank\" rel=\"noopener nofollow\">this document<\/a>,\u00a0you can find a detailed description of the systems\u2019 operation principles, and in a short while we plan to take a closer look on the Kaspersky Fraud Prevention platform and its capabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The results of the recent IT Security Risks Survey 2015 show that half of banks and payment systems prefer to handle cyberincidents when they happen, rather than invest in tools to prevent them.<\/p>\n","protected":false},"author":209,"featured_media":15350,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3021],"tags":[2336,80,552],"class_list":{"0":"post-4477","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-cyber-incidents","10":"tag-fraud","11":"tag-kaspersky-fraud-prevention"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/it-security-risks-survey-cyberfraud-report-mitigation-vs-prevention\/4477\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/it-security-risks-survey-cyberfraud-report-mitigation-vs-prevention\/4477\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/it-security-risks-survey-cyberfraud-report-mitigation-vs-prevention\/4477\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/cyber-incidents\/","name":"cyber incidents"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/4477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=4477"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/4477\/revisions"}],"predecessor-version":[{"id":24532,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/4477\/revisions\/24532"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/15350"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=4477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=4477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=4477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}