The latest Cost of Cyber Crime study by Accenture found financial services among the most targeted and vulnerable industries, with breaches tripling over the past five years. The financial services industry faces a multitude of cybersecurity challenges, one being the myriad of applications used and developed containing valuable transactional data and PII. Improper application development exposes vulnerabilities for hackers to target.
According to Contrast Labs research the top 5 application vulnerabilities include:
- Sensitive data exposure – affects 69 percent of applications
- Cross-site request forgery – affects 55 percent of applications
- Broken authentication and session management – affects 41 percent of applications
- Security misconfiguration – affects 37 percent of applications
- Missing function level access control – affects 33 percent of applications
Additional research found of the software applications tested, 80% had at least one vulnerability. Since 87% of cybercrime costs in financial institutions attribute to business disruption and data loss and only 13% in revenue loss, the long-tail aftermath of data compromise far outway revenue lost. Securing your network with proper application development starts with OWASP compliance.
How OWASP Compliance Mitigates Risk for Financial Institutions
Web application vulnerabilities are often the entry point of a successful phishing campaign. An application vulnerability is a weakness that can be exploited to compromise an application, attacking confidentiality, integrity or availability known as the CIA triad.
Due to the sensitive nature of the transactions and data housed by financial service applications, there are many additional government and appointed council regulations for privacy protection. Common policy practice mandates awareness training for OWASP’s Top 10 application vulnerabilities to comply with financial services PCI and PII requirements.
Open Web Application Security Project (OWASP) focuses on improving the security of software by providing impartial, practical information on best practices and proactive controls. This well-respected organization was (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Jenna Hulbert. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/QD75EE_kBV4/