Study shows 60% of banks’ digital assets on wrong side of firewalls
Security specialist RiskIQ says the growth in digital business is producing an increasing threat to banks across the world, with the largest banks owning an average of 7,500 public-facing digital assets – 60% of which are outside the company firewall.
RiskIQ also counted 1,777 mobile applications – an average of 51 per bank. Of these, only 5% were found in the official app stores (Google Play, Apple, etc.), with the rest hosted on secondary, tertiary, affiliate or foreign app stores.
Elias Manousos, chief executive of RiskIQ, said: “The two trends of externally hosted digital assets and the use of third-party components highlight the changing security landscape that banks and other organisations are dealing with. As digital assets move outside of the corporate firewall, traditional security approaches become ineffective and the potential attack surface for the adversary grows. Today, effective defence begins with a full understanding of your digital footprint.”
The results were gathered by the RiskIQ platform, which continuously monitors websites and mobile application stores using web-scale virtual user technology to detect suspect applications, application tampering and brand impersonation. For this survey, RiskIQ inspected the web and mobile assets of 35 top banks, finding:
- 260,000 digital assets discovered, or on average, 7,500 assets per bank
- More than 60% of these assets were hosted externally
- 94% were incorporating code from one or more third-party analytics/tracking services
- 70% were running their own digital ads using third-party ad-serving technology and dropping third-party beacons
- 94% were incorporating code from one or more third-party JavaScript libraries