Most Financial Services Firms Are Not Focusing on Application Security


When several critical vulnerabilities are present in an application, malicious actors have ample scope to mount a successful cyber-attack.

With the increase in attacks on financial services institutions that are executed at the application layer, application security is a critical aspect to consider. This is all the more true when consumers demand digital services and customer-facing apps are developed in-house.

Practices like Agile and DevOps, along with the growing use of open-source code and APIs, have sped up the development process. This has enabled financial organizations to accelerate digital transformation programs that had been planned for months or years.

Contrast Security has announced the findings of its recent study on the state of application security at financial services institutions. The company surveyed several professionals from development, operations, and security teams, and the results indicate that the security of the apps that have control over consumers’ finances is not a priority for most.


Meanwhile, the financial services sector, which includes banking, investment, and insurance companies, has long been a target of threat actors. This has only accelerated due to the increased use of technology and gadgets amid the widespread pandemic.

When several serious vulnerabilities are present in an application, cybercriminals have ample scope to mount a successful cyber-attack. Almost 98% of the professionals said they experienced at least three successful application exploits in 2020 that caused an operational disruption or a data breach.

Shockingly, nearly 52% of organizations experienced 10 or more successful cyber-attacks over the past 12 months. As a result, almost 99% of the surveyed respondents (in organizations with more than 15,000 employees) peg the cost of each hit at $1 million or higher.

The high rate of false positives, combined with the lack of actionable information in scan reports, creates a major time sink for development and security teams. Nearly 81% of respondents reported that their application security teams devote three or more hours per false positive in order to identify it as such.

With app security a critical concern for companies, about 75% of professionals noted that their application security budget is increasing this year. Another 24% indicated that the increase is more than 15%. While budgets are increasing, many organizations do not have a solid strategy in place.

Hence, a crucial starting point is to ensure security while keeping up with the pace of development. In spite of this emphasis on application security, only 40% of enterprises place direct accountability for application security under the CISO. Indeed, application security plans have not matured at most firms.


In this context, Jeff Williams, CTO at Contrast Security, explains, “The good news for institutions looking to build out their strategy is that implementing a modern application security platform can dramatically accelerate their program and produce real improvement quickly.”

He also added, “Instrumentation-powered application security can provide continuous security testing at a massive scale, providing highly accurate feedback to developers in real-time, empowering them to find and fix their own vulnerabilities without direct help from application security specialists.”
