More than 60% of assets sit outside the firewall in 35 top banks, according to the latest RiskIQ security report
San Francisco, Apr 16, 2015 – Security specialist RiskIQ says the growth in digital business is producing an increasing threat to banks across the world, as they seek new ways to connect with customers. Its latest research shows that a selection of 35 top banks have more than 260,000 assets exposed to external risk.
With the growth in social media, websites, and mobile apps, banks are increasingly turning to new ways of providing services. But with the largest banks owning an average of 7,500 public facing digital assets, the RiskIQ research found that 60% sat outside the company firewall.
Banks facing increased risk from hackers as their digital footprint grows. In addition, they are relying heavily on external third-party code to power tracking, analytics, serving company ads and supporting re-targeting. This third party code provides an additional attack vector that can be exploited by malicious actors.
RiskIQ also discovered 1,777 mobile applications, or an average of 51 per bank. Of these, only 5% of mobile applications were found in the official app stores (Googleplay, Apple, etc), whilst 95% were hosted on secondary, tertiary, affiliate or foreign app stores.
Elias Manousos, CEO of RiskIQ, said: “The two trends of externally hosted digital assets and the use of third party components highlights the changing security landscape that banks and other organisations are dealing with. As digital assets move outside of the corporate firewall, traditional security approaches become ineffective and the potential attack surface for the adversary grows. Today, effective defence begins with a full understanding of your digital footprint. At RiskIQ we help many of the world’s top banks identify and defend their digital presence.”
Summary of Findings
The results were gathered by the RiskIQ platform, which continuously monitors websites and mobile application stores using web scale virtual user technology to detect suspect applications, application tampering and brand impersonation. For this survey, RiskIQ inspected the web and mobile assets of 35 top banks, finding:
- 260,000 digital assets discovered, or on average, 7,500 assets per bank
- Over 60% of these assets were hosted externally
- 94% were incorporating code from one or more third-party analytics/tracking services
- 70% were running their own digital ads using third-party ad serving technology and dropping 3rd party beacons
RiskIQ enables organizations to maintain the integrity of their web and mobile properties by detecting and removing instances of malware, impersonation and defacement used to commit fraud and violate users’ privacy. The company’s SaaS platform performs continuous asset discovery, indexing and threat detection across the web, mobile app stores and social networks using software agents that emulate human behavior. RiskIQ is used by eight of the 10 largest financial institutions in the U.S. and five of the nine leading Internet companies in the world. The company is headquartered in San Francisco and backed by Battery Ventures and Summit Partners. For more, visit www.riskiq.com.
Atomic PR for RiskIQ
+44 (0)207 025 7507