Finance and retail industry applications for mobile devices are the most vulnerable to data breaches, according to new research by CAST.
CAST found that the majority of security holes in application software can be directly linked to poor code quality. Fully 70% of retail and 69% of financial services applications were found to have data input validation violations. This is particularly alarming, given the amount of personal and financial data typically stored in these apps.
CAST Executive Vice President Lev Lesokhin, who led the security analysis, said that if IT organizations continue to sacrifice software quality and security to meet unrealistic schedules, high-profile cyberattacks will only increase. “Businesses handling customer financial information have a responsibility to improve software quality and reduce the operational risk of their applications – not only to protect their businesses, but ultimately their customers,” he said.
Input validation has received a great deal of attention recently due to the Heartbleed bug, CAST noted. Due to improper input validation, more than 60% of the internet’s servers were exposed to intrusion. Although the Heartbleed panic has calmed down over the past several months, as of 21 June 2014, it is estimated that 309,197 public web servers still remained vulnerable.
In addition, a recent report revealed that input validation flaws were exploited in 80% of attacks against applications in the retail industry alone last year – with perhaps the largest casualty being the record-breaking eBay data breach, in which hackers gained access to over 145 million user records.
CAST also found that government IT had the highest percentage of applications without any input validation violations (61%), while independent software vendors came in last (12%). Even more surprising, the financial services industry has the highest number of input validation violations per application (224) even though these applications, on average, are only half as complex as the largest application scanned.
In its upcoming CAST Research on Application Software Health (CRASH) Report, CAST found a significant correlation between application robustness (an application's ability to avoid failures) and application security. Dr. Bill Curtis, chief scientist at CAST and author of the CRASH Report, said, “Some security experts argue software security is different from software quality and should be treated separately. The CRASH Report data proves this is false. Badly-constructed software won’t just cause systems to crash, corrupt data, and make recovery difficult, but also leaves numerous security holes.”