Connect with us
Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.


Application breaches are rising: How can the finance industry prepare itself?

Application breaches are rising: How can the finance industry prepare itself?

Rusty Carter, Vice President of Product Management at Arxan Technologies 

At the beginning of May 2018, together with Ponemon, Arxan Technologies announced the findings of our 2018 Global Study on Application Security, surveying nearly 1,400 IT and IT security practitioners in the United States, European Union and Asia-Pacific.

The aim of this study was to understand the risks that unprotected applications pose to businesses when running in unsecured environments and how those businesses are addressing this risk.

The findings

Rusty Carter

Rusty Carter

The results of this survey indicated a predominant global issue: application breaches are rising and so are the security risks of running business critical apps in zero-trust environments. However, companies are not adequately investing in application security measures until after breaches occur, resulting in loss of productivity, customer trust and revenue.

Our study showed that nearly 75% of organisations are likely, most likely, or definitely have experienced a material cyber-attack or data breach within the last year due to a compromised application. However, it turns out only 25% of organisations are making a significant investment in solutions to prevent application attacks, despite awareness of the negative impact of malicious activity.

Why is an unprotected application so risky? 

The majority of applications will contain some sort of personal identifiable information, such as name, age, email address, etc. Within the financial sector, these apps will almost certainly also contain payment details. In addition to this, applications are hosted on a device containing other applications and other personal or confidential details. This makes them a big target for hackers.

If a cybercriminal were to hack into an application, he or she would have access to all the above, as well as the ability to create a malicious version of that particular application.

Therefore, application protection and security are a must.

Cost of a data breach 

Data breaches, whoever they are suffered by, are a big deal.

The average data breach costs a business almost $4 million. This does not only relate to loss of revenue but other incremental losses including; loss of customer trust, the impact to operations, and ever-increasing insurance costs. Threats are only getting worse, nevertheless, if companies – particularly those within the financial industry – change the way they think about investing in application security, they will be much better protected and at much less risk of data breaches and their associated losses.

Threats to the financial industry

The finance industry is one of the most obvious targets for cybercriminals due to the sensitive nature of its data, its use of banking apps, as well as of course its direct access to, or handling of, money.

Earlier this year the finance industry was threatened by Meltdown and Spectre, during which even the most well-written banking apps were exposed to loss through the vulnerabilities. The industry suffered an increased risk of customer data such as account numbers and user credentials being exposed. The industry was shaken by this vulnerability threat and many responded by improving their cybersecurity strategy, however, more still needs to be done. Some organisations do continue to use unsecured applications and, unfortunately while they do so, we cannot be certain a similar threat will not come back to haunt the world of finance.

How can companies change their strategy? 

Companies underestimate the threat vectors created by the widespread use of mobile applications. It is a relatively simple task to reverse engineer a mobile application giving access to IP, business logic or communication protocols. Many companies use encryption in the belief that this will give them enough protection, but they are wrong – it’s not enough. Companies believing that encryption provides a locked door against hackers are being lured into a false sense of security.

One of the most effective ways of protecting applications from the ever-growing cyber threat is through specific capabilities such as threat analytics. The real-time detection and reporting of threats to an application from the moment they are deployed is critical to adapting everything from application protection, to network and other datacentre defences, and that is exactly what threat analytics does.

Put simply, threat analytics provides visibility. It allows business owners to see who, how and from where applications are being attacked while those attacks are in progress. It also has the ability to rapidly deploy proactive countermeasures before an attack is completed or becomes widespread.

Other protection, which is highly recommended for banks and other financial institutions to implement as part of a standard security strategy, includes obfuscation and anti-reverse engineering and anti-tampering. By taking these precautions the threat of attack, and the consequential stealing of data and personal identifiable information, is reduced.

Changing the traditional mindset

It is disturbing that so many companies acknowledge the increasing risk of application attacks, yet they are doing very little to prevent breaches from occurring. As mentioned above, at the moment only 25% of respondents say their organisation is making a significant investment in solutions to prevent application attacks. This is not enough. Companies, both in the financial industry, and many others, have to change the way they think about investing in app security because threats are only going to get worse.

Global Banking and Finance Review Awards Nominations 2022
2022 Awards now open. Click Here to Nominate


Newsletters with Secrets & Analysis. Subscribe Now