Like many industries, the banking and insurance sectors have shifted their resources to be digital-first, all the more so since the start of the global pandemic. For today’s customers, who increasingly begin their banking experiences using digital channels, whether online or mobile, a digital-first approach is the best way for financial firms to meet their customers’ needs.
Day-to-day personal banking, whether it’s making deposits via mobile phone or carrying out more peer-to-peer payments online, has definitely shifted to a safer and more convenient digital experience when compared to the trips to local branches of the pre-COVID era. To connect these digital and physical worlds and meet today’s customer expectations, banks and insurance enterprises are balancing numerous digital transformation initiatives, from overhauling their back-office architecture with microservices to opening up once heavily siloed and protected banking structures. Even though this overhaul may reflect an industry that has been one of the early adopters of technology, financial firms continue to be burdened by an IT architecture composed of many layers of interwoven modern and legacy applications, often a result of many historical mergers and acquisitions.
Unfortunately, banking and insurance providers, like other industries striving to compete in their respective digital transformation journeys, might have exposed themselves to needless ‘risks’ while delivering these modern services. One such risk can be attributed to the rapid-paced demands of various digital transformation projects making security planning an afterthought. Another risk comes from the constant juggling of resources to bridge the digital and physical gaps in the historical architecture. Nevertheless, these industries have become top targets for cybercriminals, who could also be responsible for attacks by deep-pocketed nation states. Verizon’s latest annual data breach report identified financial services as a favorite playground for financially motivated organized criminals for two consecutive years (2019 and 2020).
Web Application Attacks a Top Breach Type
Topping the list of breach types since 2019 are web application attacks. This underlines the fact that even if there is no sensitive data residing on a web server, it is still a desirable target for criminals as part of their infrastructure attack strategy. And despite IT teams implementing security best practices (e.g., patching vulnerabilities, server version currency, decommissioning legacy devices, etc.) when battling web application attacks, banking and insurance enterprises continue to be amongst the slowest to resolve flaws. In fact, the median time required for financial services applications to resolve flaws resulting from such attacks as SQL injections, cross-site scripting and stolen credentials, as well as DDoS and Bad Bot attacks, is more than six months (198 days).
Likewise, as more resources migrate to digital-first initiatives, banking and insurance organizations will continue to depend on web application firewalls as the foundational security tool to help bridge numerous development and delivery gaps that exist. Whether it’s PCI or GDPR, web application firewalls are an essential element of keeping personal data safe to meet data privacy compliance across industries and geographies. More importantly, they also have been the frontline solution of choice to defend against the aforementioned web application attacks that have been popular amongst cybercriminals.
Choosing the right security vendor
As development in web applications and their workloads continues to advance, it is important to work with a vendor that not only has a security-first mindset but also has the resources to provide you with ongoing support in securing your digital journey.
Security vendors with advanced security modeling and automation capabilities can help enterprises differentiate between legitimate and illegitimate digital activity to minimize any unnecessary downtime or need for additional resources. It is also important to select a vendor that offers a complete security portfolio to protect your workloads, whether they reside on-premises, in the cloud, or both.