We’ve extracted and summarised the salient points from the latest State of Application Security Report for Financial Services. If you wish to read and download the whole report from Arxan you can do so here.
Financial services organizations are among the top targets of hackers seeking high-value payment data, intellectual property, and other sensitive information.
- Forty-one percent of mobile finance app users expect their finance apps to be hacked within the next six months
- 50% of organizations have zero budget allocated for mobile app security
- Employee, customer, and “soft” IP data are the top three targets of cyber-attacks in the financial services market
- Theft of “hard” intellectual property soared 183% in 2015
Vulnerability assessments were conducted on 55 mobile finance apps in the US, UK, Germany, and Japan. The vulnerability assessments were based on the Open Web Application Security Project (OWASP) Top 10 Mobile Risks. Here is what they found:
- 92% of the mobile finance apps tested were not addressing at least two OWASP Mobile Top 10 Risks
- Lack of binary protection (98%) – this was the most prevalent vulnerability
- Insufficient transport layer protection (91%)
These vulnerabilities make applications susceptible to reverse-engineering and tampering, in addition to privacy violations and identity theft.
For financial service organisations:
- Strengthen the weakest links
- Make security a source of competitive advantage
- Align spending with risks
- Get apps only from authorized app stores
- Don’t jailbreak or root mobile devices
- Demand more transparency about the security of the apps you are using