Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Application breaches are rising: How can the finance industry prepare itself?

Rusty Carter, Vice President of Product Management at Arxan Technologies 

At the beginning of May 2018, together with Ponemon, Arxan Technologies announced the findings of our 2018 Global Study on Application Security, surveying nearly 1,400 IT and IT security practitioners in the United States, European Union and Asia-Pacific.

The aim of this study was to understand the risks that unprotected applications pose to businesses when running in unsecured environments and how those businesses are addressing this risk.

The findings

Rusty Carter
Rusty Carter

The results of this survey indicated a predominant global issue: application breaches are rising and so are the security risks of running business critical apps in zero-trust environments. However, companies are not adequately investing in application security measures until after breaches occur, resulting in loss of productivity, customer trust and revenue.

Our study showed that nearly 75% of organisations are likely, most likely, or definitely have experienced a material cyber-attack or data breach within the last year due to a compromised application. However, it turns out only 25% of organisations are making a significant investment in solutions to prevent application attacks, despite awareness of the negative impact of malicious activity.

Why is an unprotected application so risky? 

The majority of applications will contain some sort of personal identifiable information, such as name, age, email address, etc. Within the financial sector, these apps will almost certainly also contain payment details. In addition to this, applications are hosted on a device containing other applications and other personal or confidential details. This makes them a big target for hackers.

If a cybercriminal were to hack into an application, he or she would have access to all the above, as well as the ability to create a malicious version of that particular application.

Therefore, application protection and security are a must.

Cost of a data breach 

Data breaches, whoever they are suffered by, are a big deal.

The average data breach costs a business almost $4 million. This does not only relate to loss of revenue but other incremental losses including; loss of customer trust, the impact to operations, and ever-increasing insurance costs. Threats are only getting worse, nevertheless, if companies – particularly those within the financial industry – change the way they think about investing in application security, they will be much better protected and at much less risk of data breaches and their associated losses.

Threats to the financial industry

The finance industry is one of the most obvious targets for cybercriminals due to the sensitive nature of its data, its use of banking apps, as well as of course its direct access to, or handling of, money.

Earlier this year the finance industry was threatened by Meltdown and Spectre, during which even the most well-written banking apps were exposed to loss through the vulnerabilities. The industry suffered an increased risk of customer data such as account numbers and user credentials being exposed. The industry was shaken by this vulnerability threat and many responded by improving their cybersecurity strategy, however, more still needs to be done. Some organisations do continue to use unsecured applications and, unfortunately while they do so, we cannot be certain a similar threat will not come back to haunt the world of finance.

How can companies change their strategy? 

Companies underestimate the threat vectors created by the widespread use of mobile applications. It is a relatively simple task to reverse engineer a mobile application giving access to IP, business logic or communication protocols. Many companies use encryption in the belief that this will give them enough protection, but they are wrong – it’s not enough. Companies believing that encryption provides a locked door against hackers are being lured into a false sense of security.

One of the most effective ways of protecting applications from the ever-growing cyber threat is through specific capabilities such as threat analytics. The real-time detection and reporting of threats to an application from the moment they are deployed is critical to adapting everything from application protection, to network and other datacentre defences, and that is exactly what threat analytics does.

Put simply, threat analytics provides visibility. It allows business owners to see who, how and from where applications are being attacked while those attacks are in progress. It also has the ability to rapidly deploy proactive countermeasures before an attack is completed or becomes widespread.

Other protection, which is highly recommended for banks and other financial institutions to implement as part of a standard security strategy, includes obfuscation and anti-reverse engineering and anti-tampering. By taking these precautions the threat of attack, and the consequential stealing of data and personal identifiable information, is reduced.

Changing the traditional mindset

It is disturbing that so many companies acknowledge the increasing risk of application attacks, yet they are doing very little to prevent breaches from occurring. As mentioned above, at the moment only 25% of respondents say their organisation is making a significant investment in solutions to prevent application attacks. This is not enough. Companies, both in the financial industry, and many others, have to change the way they think about investing in app security because threats are only going to get worse.