SearchLight to reduce mobile risks of financial institutions
These days it is hard to find banks or insurance companies that do not have a mobile strategy. Whether it is to check a balance, track and manage financial products including linked insurance products, or pay a bill, financial institutions are racing to find the mobile product that will win the hearts and minds of consumers.
The 2017 Global Cybersecurity Assurance Report Card from Tenable revealed that organizations are falling short when it comes to their ability to assess cybersecurity risks across 11 key IT infrastructure components (see Figure 1). For instance, the rush to introduce new online services in the form of web applications accessible via mobile devices creates new security challenges.
Figure 1: Risk Assessment score changes between 2016 and 2017
Tenable warns that if application-centric security is the future, we have a long way to go.
“Mobile is no longer a niche or isolated part of an organization’s digital footprint. New devices and applications are the status quo and organizations must be able to identify the digital risks associated with them,” said Alastair Paterson, CEO and co-founder of Digital Shadows.
“But we know that a large percentage of mobile applications will fail basic security tests and this digital risk presents enterprises everywhere with brand protection and data risk threats. In an increasingly mobile-first world, our customers now have the ability to precisely account for evolving threats jeopardizing irreplaceable reputations and information.”
Digital Shadows’ launch of its SearchLight™ digital risk management service marries advanced technology with human analytics, and helps organizations detect and respond to mobile application threats against their employees and consumers. Chris Brown, Vice President, EMEA and APAC for Digital Shadows, says the new service was built with financial services clients in mind as these struggled to manage their digital risk in today’s connected world.
SearchLight offers identification of malicious and unsanctioned applications in official and third-party application stores. It also identifies impersonated or spoofed mobile applications that could damage an organization’s brands or compromise sensitive information.
The company claims that trialing the new service with some key clients helped one financial services client identify 39 incidents of mobile applications posing a risk to their organization. These included mobile apps with malicious code, impersonation and unauthorized use of the company brand. While many of these came from third-party application stores, some were from official stores.
Asked about the continued cyber security threats directed at the financial services industry, Brown says that, due to the nature of their business, banks and other financial institutions are some of the biggest targets for cybercrime and data compromises and regularly rank in the top 5 vertical sectors targeted by hackers and other cybercriminals.
“After all, most cyber criminals are motivated by financial gain and financial institutions are not only often home to money and large amounts of personal data, all of which has a value, but they are also often well-known global brands with millions of customers worldwide.”
He added that cybercriminals ‘follow the money’ and they see financial institutions as the perfect targets for their activities. “Financial institutions are typically difficult to defend; they are made up of national and multinational companies that have often grown through acquisition. These sorts of businesses are also the most embracing of new technology and tend to be increasingly connected, both as an industry, and with their customers and suppliers,” he explained.
“For the financial institutions themselves, they recognize that they are targets and invest heavily in cyber defenses which stop many attacks and compromises. But it is the sheer volume of attacks and sophistication of the compromises which makes the security teams’ jobs so hard in many banks.”
“It is hard to stop everything, or determine what is the most critical or important alert to focus the limited manpower and budget to deal with. Being able to focus their attention on the most critical incidents is the way they can hope to manage their digital risk,” he concluded.
With Digital Shadows’ mobile application monitoring, customers can detect a wide range of threats including: suspect application behavior and code, such as self-signed certificates or the presence of malware; versions of applications that have been modified by a third party; copies of applications on stores that are not actively managed; impersonating or spoof applications that mimic brands and affiliate links that mislead or confuse users. Monitoring even extends beyond customer mobile applications to internal company mobile apps.
New features of SearchLight include mobile app monitoring, new asset registration of mobile apps and improved dashboards for executives and security teams.