More than 60% of assets sit outside the firewall in 35 top banks, according to new RiskIQ security report

Security RiskIQ says the growth in digital business is producing an increasing threat to banks across the world, as they seek new ways to connect with customers. Its latest research shows that a selection of 35 top banks have more than 260,000 assets exposed to external risk.

With the growth in social media, websites, and mobile apps, banks are increasingly turning to new ways of providing services. But with the largest banks owning an average of 7,500 public facing digital assets, the RiskIQ research found that 60% sat outside the company firewall.

Banks facing increased risk from hackers as their digital footprint grows. In addition, they are relying  heavily on external third-party code to power tracking, analytics, serving company ads and supporting re-targeting. This third party code provides an additional attack vector that can be exploited by malicious actors.

RiskIQ also discovered 1,777 mobile applications, or an average of 51 per bank. Of these, only 5% of mobile applications were found in the official app stores (Googleplay, Apple, etc), whilst 95% were hosted on secondary, tertiary, affiliate or foreign app stores.

Elias Manousos, CEO of RiskIQ, said: “The two trends of externally hosted digital assets and the use of third party components highlights the changing security landscape that banks and other organisations are dealing with. As digital assets move outside of the corporate firewall, traditional security approaches become ineffective and the potential attack surface for the adversary grows.

Today, effective defence begins with a full understanding of your digital footprint. At RiskIQ we help many of the world’s banks identify and defend their digital presence.”

Summary of findings

The results were gathered by the RiskIQ platform, which continuously monitors websites and mobile application stores using web scale virtual user technology to detect suspect applications, application tampering and brand impersonation. For this survey, RiskIQ inspected the web and mobile assets of 35 top banks, finding:

  • 260,000 digital assets discovered, or on average, 7,500 assets per bank
  • Over 60% of these assets were hosted externally
  • 94% were incorporating code from one or more third-party analytics/tracking services
  • 70% were running their own digital ads using third-party ad serving technology and dropping 3rd party beacons
  • 94% were incorporating code from one or more third-party JavaScript libraries
RECENT ARTICLES
Businesswoman in a seminar drawing a graph

Tech giants collaborate to set agenda for Europe’s digital future

Posted on: April 18, 2024

Ericsson has joined forces with four of the biggest names in global technology to call on Europe’s policymakers to take urgent action in five key areas to ensure the region

Read more
standard quality control collage concept

Cybeats Technologies secures SaaS agreement with major european telecom provider

Posted on: April 17, 2024

Cybeats Technologies has announced a software as a service (SaaS) agreement for its SBOM Studio product with one of the largest European telecom providers, that has a $30 billion market cap.

Read more