New Report: Insight Into Vulnerability Preparedness Across Financial Sector

The digital transformation hastened by this year’s global pandemic has pushed banks, credit unions and other financial institutions of all sizes to assess and implement new cloud technologies faster than they would prefer. Additionally, the speed with which they have had to stand up remote workers and deliver services to remote customers has introduced new areas of risk. Malicious actors have discovered this and pounced. Cyberattacks on financial institutions are relentless, with alerts and warnings being issued constantly. According to recent reports, cybersecurity attacks targeting banks have surged 238%, due in large part to COVID-19.

Digital Defense, Inc., provider of vulnerability and threat management solutions, recently ran peer comparison reports on its bank, credit union, and financial services clients to gain greater insight into industry-specific threats and threat and vulnerability preparedness across the financial sector.

The chart below provides the 12-month average Security GPAs** for internal and external scanning and compares 2020 scores with the same period in 2019. For additional context, the Security GPAs for banks, credit unions, and financial services firms were averaged to calculate an overall financial industry GPA for internal and external vulnerability scanning.

Report findings:

  • Over the past 12 months, all financial verticals performed above the platform average Security GPA for both their internal (2.72 B-) and external (3.37 B+) vulnerability scanning and remediation efforts.
  • The bank and credit union Security GPAs for external scanning indicate that these two groups have made headway improving their external security posture by prioritizing high-impact vulnerabilities that put their organizations most at risk. 
  • On the other hand, the financial services vertical’s 2020 internal GPA (2.81 B-) is noticeably lower than 2019 (3.05 B+). Many variables can contribute to a decreased Security GPA, especially as we account for the extensive network changes in the financial industry over the past several months. Situations that could be contributing factors to the lower 2020 internal GPA for financial services include:
    • A large deployment of hardware, software, or operating systems triggered several high-level vulnerabilities that are not being addressed because organizations are going through a technology refresh.
    • Newly discovered vulnerabilities that affect applications specific to the financial services vertical.
    • Financial services customers may have a sizeable deployment of applications or operating systems that have recently reached end-of-life (EOL), triggering additional vulnerabilities.
  • Most notable in this industry comparison is that most of Digital Defense’s financial clients’ year-over-year scores exceed platform averages, remain consistent and improve during a time of significant technology changes across the industry. The data indicates that financial organizations are prioritizing vulnerabilities that have the most impact on their security posture and are putting security first by acting on incidents identified through their vulnerability management program.

More info can be found here.
