After weeks of company focus to resolve a massive Internet security breach, Sony Corp. Chief Executive Howard Stringer said that he could not guarantee the security of the company’s videogame network or any other Web system in the “bad new world” of cybercrime. “It’s the beginning, unfortunately, of the shape of things to come,” said Mr. Stringer. “It’s not a brave new world; it’s a bad new world.” In the April 2011 breach, an estimated 100 million user accounts were compromised, and analysts have estimated that the breach will cost the company as much as $1 billion. The lesson? May 2011: “We’ve learned that we just have to keep improving our security.”

We depend increasingly on information from our financial services providers at our fingertips, but that information in the wrong hands can be disastrous. New headlines of website attacks and corporate data breaches are on the rise, with leading financial services brands being a key target by unknown malicious groups. While threats to network and information security have existed since the dawn of the information age, the complexity and scale of attacks have exploded in recent years, and cybercrime has risen to the level of a national security threat, according to a National Security Council report issued in July of this year. More new malicious code vulnerabilities were introduced in 2008 than in the previous 20 years combined. That number was surpassed in just the first half of 2009, with a new threat signature appearing every 8 seconds. Security firm Sophos estimates that a new Web page is infected every 3.6 seconds. And according to the Web Application Security Consortium, more than 87% of Web applications currently carry a vulnerability classified as high risk. Today’s estimates place the median annualized cost of cyber crimes at $5.9 million per year, with a range of $1.5 million to $36.5 million each year per company. Cyber attacks have become more commonplace, with a 44% frequency increase in attacks per week, today compared to last year.

Unfortunately, traditional perimeter defense products have not kept pace with the rapid growth in risk. Most large enterprise firms assume they are prepared with an arsenal of different threat-specific point solutions such as firewalls, intrusion prevention systems, and network scanning solutions. Unfortunately, these traditional, rigid, centralized defenses do not provide a layered, holistic monitoring scale necessary to combat the outsized and adaptive threats facing today’s IT infrastructure. In fact, many of the most threatening attacks today come in looking like legitimate transactions.

In light of critical IP-based applications such as online banking and credit card access, financial services companies should embrace the distributed nature of the Internet, using its scale and flexibility to their advantage when implementing a defense-in-depth strategy. Defense in-depth means deploying overlapping layers of security that employ a diverse set of tactics to protect against threats. Cloud-based security, possibly incremental to existing enterprise security defense, provides a critical layer within this approach, helping to overcome traditional perimeter defense limitations. Not all cloud services are created equal, however. In order to use the unique strengths of the cloud to their advantage, enterprises must find security solutions that leverage a highly distributed, multi-network platform – one that can deliver massive scale at the edges of the Internet and protect core origin infrastructure by deflecting attacks closer to their source.

Business leaders must assume that the defenses in place now will not be sufficient next year, and they must be strategic in how they allocate their resources. Security technology alone is far from sufficient. Expertise, either in-house or via a strategic security partner, is essential to staying ahead of cybercriminals. Business leaders should establish a threat intelligence function to monitor trends and emerging threats that impact business. To compensate for limited visibility across the cyberthreat landscape, leading organizations should establish relationships with peers, industry groups, government agencies and vendors to source intelligence.

Help may be on the way in the form of new industry federal regulations being considered. “European banks will be ordered to inform customers immediately of any data security breaches, under legislation being drawn up by the European Commission.” In the meantime, the community must be more collaboratively open to new approaches in order to stay ahead of future security challenges. There is a large opportunity for key players at leading financial services firms to collectively benefit from increased conversations and more open dialogue around the evolving threat landscape, considered approaches and best practices. For major financial services firms, many with decades-old businesses, protecting an online brand is a significant part of the corporate mandate.

Paul Sop, CTO of Prolexic, a leader in global IP security, highlights the challenges today: “What is really wreaking havoc with these enterprises is how often the attackers can rotate attack vectors. Many organizations that believe themselves to be protected from web attacks are in fact unable to respond to the diverse methods being used.”

Talk with your current suppliers about network-based protections. You might be surprised to learn the ease and scale that can be applied to your business and keep your firm a step ahead of those entities who try to make the internet a dangerous place to meet your customers.

Justine Lupul, Financial Services Market Management, Level 3 Communications, ­­­­­720-888-2443;email: Justine.lupul@level3.com;web: www.level3.com.