RiskIQ Highlights Digital Threats to Banks
April 2015 by
Security specialist RiskIQ says the growth in digital business is producing an increasing threat to banks across the world, as they seek new ways to connect with customers. Its latest research shows that a selection of 35 top banks have more than 260,000 assets exposed to external risk.
With the growth in social media, websites, and mobile apps, banks are increasingly turning to new ways of providing services. But with the largest banks owning an average of 7,500 public facing digital assets, the RiskIQ research found that 60% sat outside the company firewall.
Banks facing increased risk from hackers as their digital footprint grows. In addition, they are relying heavily on external third-party code to power tracking, analytics, serving company ads and supporting re-targeting. This third party code provides an additional attack vector that can be exploited by malicious actors.
RiskIQ also discovered 1,777 mobile applications, or an average of 51 per bank. Of these, only 5% of mobile applications were found in the official app stores (Googleplay, Apple, etc), whilst 95% were hosted on secondary, tertiary, affiliate or foreign app stores.
Summary of Findings
The results were gathered by the RiskIQ platform, which continuously monitors websites and mobile application stores using web scale virtual user technology to detect suspect applications, application tampering and brand impersonation. For this survey, RiskIQ inspected the web and mobile assets of 35 top banks, finding:
• 260,000 digital assets discovered, or on average, 7,500 assets per bank
• Over 60% of these assets were hosted externally
• 94% were incorporating code from one or more third-party analytics/tracking services
• 70% were running their own digital ads using third-party ad serving technology and dropping 3rd party beacons
• 94% were incorporating code from one or more third-party JavaScript libraries