Industry Observations-Web Application Security

Collaborating for Stronger Defenses

Collaboration, according to Wikipedia, is “the process of two or more people or organizations working together to realize or achieve something”. When it comes to cybersecurity, there is a common enemy and collaborating with industry peers in sharing threat information is critical to understanding and addressing cybercrime.

FS-ISAC (Financial Services Information Sharing and Analysis Center) was established to maintain the resilience of the financial services infrastructure against cyber criminals and acts that could endanger the ability of financial institutions to provide the services that power the global economy. FS-ISAC members and affiliates share threat and vulnerability information within the financial services industry, and members are seeing great value in real-time sharing of cyber security information within their sector.

At WhiteHat Security, having assessed tens of thousands of web applications, we have a unique perspective into the application security posture, types of vulnerabilities, windows of exposure, and risk metrics for organizations across various verticals, including financial services firms. We have joined the FS-ISAC Affiliate program to contribute application security and vulnerability assessment data and metrics to the FS-ISAC members. 

Consider a few sobering statistics from this year’s WhiteHat Web Applications Security Statistics Report:

  • On average, a financial services web site in 2015 had six serious vulnerabilities
  • On average, it took 160 days for a financial services organization to fix a vulnerability

There’s no longer any doubt that web application attacks are the Achilles heel for security, as they are responsible for a stunning 82% of data breaches in the financial services sector. This infographic shows some of the other findings specific to banking and financial services institutions.

[Infographic: WhiteHat Security Statistics Report, Banking and Financial Services]

In an environment where 95% of the cyberattacks are financially motivated, financial institutions are an obvious, attractive target. Information sharing about threats, vulnerabilities, incident prevention, detection, and response through FS-ISAC provides a support mechanism for financial services organizations.

In 2015, President Obama issued Executive Order 13691, directing the Department of Homeland Security (DHS) to encourage the development of Information Sharing and Analysis Organizations. This mandate also encouraged businesses to collaborate within their respective industries to promote a real-time response to cyber security incidents.

To keep pace with cyber adversaries, real-time sharing of security and risk information between organizations is critical. Industry peers, working together on sharing information for the collective good of the industry, are taking the concept of collaboration to new heights.

WhiteHat Security will be at the FS-ISAC Fall Summit in Nashville, Tennessee, October 23-26. Stop by to learn more about application security solutions for financial services organizations (Booth # 76), and join us for the talk, “Hack Yourself First: A Risk Based Approach to Application Security”, on October 26 at 12:50pm.

Tags: application security, Financial Services