Financial institutions aren’t really all that different than Vegas casinos. From the perspective of an average customer, the bank exists to provide a service–someplace to store money, process credit or debit card transactions, and maybe earn half a percent of interest (woo hoo!). Behind that façade, though, the entire industry relies on taking calculated risk based on a careful analysis of the odds–also known as gambling.
The financial industry makes and loses money based on gambling every day, but according to a new survey from Kaspersky financial institutions also view cyber threats–and the security measures necessary to defend against them–through that same filter.
I wrote about the Kaspersky Lab report in this blog post:
Business is business. That means that business decisions often come down to pure dollars and sense, and result in actions and policies that seem to defy common sense. According to a new survey from Kaspersky Lab, that seems to be the case for many financial institutions when it comes to defending against cyber attacks.
Kaspersky Lab reports that 93 percent of financial institutions experienced some form of cyberthreat during the past year. Despite that clear and present danger, though, a fairly large percentage are still not doing enough to proactively protect customers against such attacks.
Consider other businesses faced with similar ethical dilemmas. The fans of a professional sports franchise want that franchise to win…a lot. All the time. But the franchise is a business, and it is very easy to run a profitable business by fielding a mediocre team. Last year the Houston Astros team was the worst in all of Major League Baseball, and it was the most profitable franchise in the history of the sport.
Manufacturers also go through a similar exercise. Defects or issues might be identified during development or production, but rather than rush to fix them the company will weigh the cost of fixing the problem against the likelihood that it will be a big enough issue for customers to complain, and what that might end up costing. In most cases, a company will take the gamble—running the risk of potential backlash later instead of accepting the guaranteed cost of actually dealing with the problem proactively.
Read the full story at CSOOnline: Kaspersky says financial institutions not doing enough fight cybercrime.