Financial firms are increasingly aware of security vulnerabilities arising from inadequate code hardening or sophisticated attack vectors. Here follows a synopsis of articles by QA Media in 2019.
In 2019, regulators continued to examine cyber security risks to financial market infrastructures. For example, the Monetary Authority of Singapore (MAS), the Bank of England and the Financial Conduct Authority announced collaborative efforts to strengthen cyber security.
“The average cost of cybercrime for financial services companies globally has increased by more than 40% over the past three years,” stated Mark Carney, Governor of the Bank of England. “Cyber risk is not constrained by geographic boundaries, making international cooperation essential to address this growing threat.”
Limited executive-level visibility into cyber resilience is a top concern, with major high street banks suffering ten or more outages per month, on average. Some have begun to enlist ethical hackers to uncover and help fix vulnerabilities. According to the State of Cyber Security 2019, security assessments are often reactive. Almost half of businesses have experienced a security issue with containers.
Financial services firms are investing £17,900 per company on average, and threats from foreign agents are expected to drive further increases.
“More prudent technology investments would reduce costs while improving banks’ and insurers’ overall cybersecurity resilience,” according to Chris Thompson, Global Security and Resilience Lead for Financial Services at Accenture. Unlocking the Value of Improved Cybersecurity Protection suggests that the frequency of cyber breaches in financial services is higher than in other industries.
As QA becomes thoroughly embedded throughout a secure software delivery lifecycle, firms are adopting a test smart approach. Without effective, foundational automation, reactive security assurance creates software delivery bottlenecks.
“Improving our security posture [enables us to] release software more frequently,” said Raoul Hamilton-Smith, General Manager of Product Architecture and CTO for Equifax New Zealand.
A number of other partnerships and new product launches aimed at enabling financial firms to improve their security postures were also announced in 2019, including:
- Infosys and Microsoft launched Cloud Next, a real-time security and data threat management solution.
- Singapore achieved the status of a Certificate Authorising Nation.
- Trustwave formed a strategic alliance with Cybereason to strengthen its security service using machine learning.
- NatWest began a three-month trial of biometric cards, in partnership with Gemalto, Visa and Mastercard.
- Capgemini entered into a partnership with augmented identity provider Idemia to introduce a secure Internet of Things device management platform.
- Micro Focus acquired Interset to strengthen its cybersecurity business.
- Mastercard and the Global Cyber Alliance partnered to release a cybersecurity toolkit.
- Salt Security introduced a new DevSecOps platform, enabling firms to detect when APIs are being probed for weaknesses to exploit.
The State of Cyber Security 2019 highlighted the concerns of senior security officers about weaknesses arising from application programming interfaces (APIs). According to Roey Eliyahu, CEO of Salt Security, each API has unique vulnerabilities that need to be assessed, and existing cybersecurity tools lack a granular understanding of how emerging threats target underlying API logic.
To combat rising cyber threats, financial firms should consider a spectrum of release frequencies to reduce operational risk.