International Finance
In the News

Banks leave customers open to more outages through code vulnerabilities

Veracode, financial services, cybersecurity, leakage attacks, EMEA
A significant 67% of current applications used by banks are at risk from information leakage attacks, wherein an application reveals sensitive data that can be used by an attacker to exploit a web application or its users

Veracode’s latest State of Software Security report revealed financial services is one of the slowest industries when it comes to addressing common vulnerabilities found in software. The global report found financial services companies took 29 days to address a quarter of their vulnerabilities in coding—and over a year—573 days—to remediate all open vulnerabilities. It also ranked as second to last of all other sectors in terms of speed to complete flaw remediation. 

This is worrying given the IT outages occurring within the global financial services industry.   

In spite of this, Veracode’s report did reveal that the largest population of applications scanned came from the financial vertical. While financial organisations tend to have the reputation of having some of the most mature overall cybersecurity practices, Veracode’s data shows they struggle like the rest to stay on top of application security. The industry ranked second to last in the major verticals for latest scan OWASP pass rate, and based on the flaw persistence analysis chart, it is leaving coding flaws to linger longer than other industries. 

Even as it is prolific at testing, the financial sector tests almost as many apps as the technology sector, the sector in general is still slow in responding to responding to open vulnerabilities. Additionally, the banking sector addresses the first half of its open flaws slowly, but it starts to pick up speed once it passes the halfway point.  

“Since financial institutions and banks hold highly valuable information and critical assets, they will continue to be a target of cybercriminals and malicious hacking,” said Paul Farrington, Director of EMEA and APJ at Veracode. “Our data shows the financial services sector scanning a huge volume of applications and finding flaws that need fixing. While that is encouraging, the next frontier is achieving greater speed in fixing those flaws because speed matters. The speed at which organisations fix flaws they discover in their code directly mirrors the level of risk incurred by applications. The sector should consider all dimensions of risk to prioritise which flaws to fix first.”

It’s a tough job for banks to coordinate cybersecurity awareness so it’s at the forefront of employee’s minds. The sluggish speed to which banks initially respond to vulnerabilities could be an indication of bureaucracy that may impede initial progress, but which is likely overcome once security teams and developers collaborate more to cut through the red tape. 

What's New

Blockchain technology is vital to Smart Dubai implementation

International Finance

Citi, Goldman Sachs, HSBC and Samba likely to be part of Aramco IPO

International Finance Desk

Tesla sued by Walmart over faulty solar panels

International Finance Desk

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.