Home » Topics » Cybersecurity » Security vulnerabilities in the finance sector increase by over 400%

Security vulnerabilities in the finance sector increase by over 400%

Avatar photoby Nick Ismail

The number of security vulnerabilities detected in the financial services sector has increased by over 418% in the last four years, according to new research from global cyber security and risk mitigation expert NCC Group.

The company analysed vulnerabilities found in 168 financial services organisations using a number of different scanning methods. The results revealed that the number of security vulnerabilities detected within the sector has increased dramatically in recent years, rising from an average per organisation of 217 in 2013 to 910 in 2016.

>See also: Online banking and financial services: is the end-user protected?

Of the issues marked as high and medium risk, 24.7% were web application framework vulnerabilities within the software designed to support the development of web applications including web APIs, services and resources. This number had increased almost five-fold since 2013.

David Morgan, executive principal at NCC Group, said: “Although the type of scan used can impact the detection of vulnerabilities in certain categories, the sheer size of the increase in web application framework issues means that the rise can’t be entirely attributed to this.

“The sector is increasingly taking a digital-first approach to better engage with customers, and a consequence of this is organisations will be exposed to an increased number of security vulnerabilities, so it’s important that they are aware of the risks.”

>See also: The cyber security industry: on the front line

It was found that all of the high and medium risk web application framework vulnerabilities could be fixed by updating the affected platforms or tools. 98.2% of these vulnerabilities were mitigated by updating PHP, as the newest versions of the scripting language can mitigate a number of security bugs. Other fixes included updating ASP.net and Apache Tomcat, which are both used to power mission-critical web applications.

Morgan added: “Since they are a frequent target for cyber criminals, financial services companies should be continuously monitoring for vulnerabilities and regularly updating their software, particularly when these tools form the building blocks of what are often business-critical web applications.”

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Cyber Criminals
Cyber Security
Financial Services

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise