EMEA Financial Services Organizations Hit by Growing Web Fraud Threats

IT decision-makers across ten countries highlight financial losses and regulatory concerns due to spate of malware, phishing, credential grabbing and session hijacking attacks

STORY HIGHLIGHTS

• Almost half of surveyed organizations from UK, France, Germany, Italy, Spain, Netherlands, Sweden, Poland, UAE and Saudi Arabia experienced notable financial losses in past two years.
• 73% rate damage to reputation as biggest area of concern.
• Scale and complexity of problem driving appetite for multi-layer web and mobile fraud detection and protection.
• Growing preference for hybrid solutions at larger organizations.

EDINBURGH, Scotland, May 20th, 2015: Financial services organizations across EMEA are increasingly exposed to and concerned about the rising menace of web fraud threats, according to a new survey commissioned by F5 Networks1.

IT decision-makers revealed how they constantly face significant financial and reputational hits due to malware, phishing, credential grabbing and session hijacking attacks, prompting soaring demand for multi-layer web and mobile fraud protection solutions.

The survey found that 48% of organizations had experienced financial losses between £50,000 and £500,000 stemming from online fraud within the last two years. 9% forfeited more than £500,000 and 3% over £1m.

73% cited reputational damage as the main concern for such attacks, whereas 72% feared loss of revenue and the burden of requirements to conduct extensive security audits. Other major negative impacts included decreased customer confidence and loyalty (64%) and potential fines by regulatory bodies (62%).

“Whether it is phishing attacks, Man-In-The-Middle, Man-In-The-Browser or other Trojan-based activities such as web injections, form hijackings, page modifications and transaction modifications, the dangers of web fraud are unavoidable and extensive for organizations of every stripe,” said Gad Elkin, EMEA Security Director at F5.

“More than ever before, it is vital to understand the nature of the threats and to implement solutions that eliminate attacks before they do real damage. Those that get it right will be rewarded with customer loyalty and profit. Those that don’t risk incurring the very thing that they are most concerned about: damage to their reputation.”

Over 35% of respondents claimed to have suffered fraud losses from a variety of online attacks. Malware was the main culprit (75%), followed by phishing (53%), credential grabbing (53%) and session grabbing (35%).

When it came to defence strategies, 37% of all organizations surveyed said they preferred web fraud defence using hybrid solutions that combine on- and off-premises provision. That figure rose as high as 59% for organizations with over 5,000 employees.

55% of respondents claim to have adopted multi-layer fraud prevention solutions. Endpoint embedded solutions were the most popular (62%), followed by page navigation analysis to identify suspect navigation patterns (59%), and entity link analysis of relationships between users, accounts and machines to detect criminal activity and/or misuse (59%). Solutions yielding user behavior analytics and comparison for specific channels also featured prominently (55%).

Most budget spend was allocated for web channel fraud protection (52%) and mobile fraud protection (36%).

Against this backdrop, Elkin explained how there is a growing appetite for solutions with clientless online fraud protection capabilities. These enable organizations to arm any device in real-time against all varieties of online threats without the user having to do anything, extinguishing the danger of instances like malicious HTML code or script injections. This includes recent threats such as the Dyre malware, which has a broad range of capabilities that make it one of the most dangerous banking Trojans around today. “Fraudsters continue to evolve and exploit the weakest link: the end user,” explained Elkin.

“Organizations are advanced in their approach to protecting the data centres, implementing multi-factor authentication and protecting applications via server-side controls. Nevertheless, many have failed to effectively secure the end-point where users interact with web applications.”

1Survey conducted by IDG Connect (www.idgconnect.com) with more than 100 IT decision-makers at financial services organizations with more than 250 employees. The survey captures responses from the UK, France, Germany, Italy, Spain, Netherlands, Sweden, Poland, the UAE and Saudi Arabia

About F5

F5 (NASDAQ: FFIV) makes apps go faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organizations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to f5.com. You can also follow @f5networks on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

F5 is a trademark or service mark of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.