According to a new survey commissioned by F5 Networks, financial services organisations across EMEA are increasingly exposed to and concerned about the rising menace of web fraud threats. IT decision-makers revealed how they constantly face significant financial and reputational hits due to malware, phishing, credential grabbing and session hijacking attacks, prompting soaring demand for multi-layer web and mobile fraud protection solutions.
Further findings of the survey stated that 48 percent of organisations had experienced financial losses between £50,000 and £500,000 stemming from online fraud within the last two years. Nine percent forfeited more than £500,000 and three percent over £1 million.
73 percent cited reputational damage as the main concern for such attacks, whereas 72 percent feared loss of revenue and the burden of requirements to conduct extensive security audits. Other major negative impacts included decreased customer confidence and loyalty (64 percent) and potential fines by regulatory bodies (62 percent).
“Whether it is phishing attacks, Man-In-The-Middle, Man-In-The-Browser or other Trojan-based activities such as web injections, form hijackings, page modifications and transaction modifications, the dangers of web fraud are unavoidable and extensive for organisations of every stripe,” said Gad Elkin, EMEA Security Director at F5.
“More than ever before, it is vital to understand the nature of the threats and to implement solutions that eliminate attacks before they do real damage. Those that get it right will be rewarded with customer loyalty and profit. Those that don’t risk incurring the very thing that they are most concerned about: damage to their reputation.”
Over 35 percent of respondents claimed to have suffered fraud losses from a variety of online attacks. Malware was the main culprit (75 percent), followed by phishing (53 percent), credential grabbing (53 percent) and session grabbing (35 percent).
When it came to defence strategies, 37 percent of all organisations surveyed said they preferred web fraud defence using hybrid solutions that combine on- and off-premises provision. That figure rose as high as 59 percent for organisations with over 5,000 employees.
55 percent of respondents claimed to have adopted multi-layer fraud prevention solutions. Endpoint embedded solutions were the most popular (62 percent), followed by page navigation analysis to identify suspect navigation patterns (59 percent), and entity link analysis of relationships between users, accounts and machines to detect criminal activity and/or misuse (59 percent). Solutions yielding user behaviour analytics and comparison for specific channels also featured prominently (55 percent).
Most budget spend was allocated for web channel fraud protection (52 percent) and mobile fraud protection (36 percent).
Against this backdrop, Elkin explained that there is a growing appetite for solutions with clientless online fraud protection capabilities. These enable organisations to arm any device in real time against all varieties of online threats without the user having to do anything, removing the danger of attacks like malicious HTML code or script injections. This includes recent threats such as the Dyre malware, which has a broad range of capabilities that make it one of the most dangerous banking Trojans around today. “Fraudsters continue to evolve and exploit the weakest link: the end user,” explained Elkin.
“Organisations are advanced in their approach to protecting the data centres, implementing multi-factor authentication and protecting applications via server-side controls. Nevertheless, many have failed to effectively secure the endpoint where users interact with web applications.”