State of Application Security Report – Precis

We’ve extracted and summarised the salient points from the latest State of Application Security Report for Financial Services. If you wish to read and download the whole report from Arxan you can do so here.

Key Findings

Financial services organizations are among the top targets of hackers seeking high-value payment data, intellectual property, and other sensitive information.

  • 41% of mobile finance app users expect their finance apps to be hacked within the next six months
  • 50% of organizations have zero budget allocated for mobile app security
  • Employee, customer, and “soft” IP data are the top three targets of cyber-attacks in the financial services market
  • Theft of “hard” intellectual property soared 183% in 2015

Vulnerabilities

Vulnerability assessments were conducted on 55 mobile finance apps in the US, UK, Germany, and Japan. The vulnerability assessments were based on the Open Web Application Security Project (OWASP) Top 10 Mobile Risks. Here is what they found:

  • 92% of the mobile finance apps tested failed to address at least two OWASP Mobile Top 10 Risks
  • Lack of binary protection (98%) was the most prevalent vulnerability
  • Insufficient transport layer protection (91%) was the second most prevalent

These vulnerabilities make applications susceptible to reverse-engineering and tampering, in addition to privacy violations and identity theft.

Recommendations

For financial services organisations:

  • Strengthen the weakest links
  • Make security a source of competitive advantage
  • Align spending with risks

For customers:

  • Get apps only from authorized app stores
  • Don’t jailbreak or root mobile devices
  • Demand more transparency about the security of the apps you are using
