RiskIQ Report Exposes Third Party Threats in Digital Footprint of Financial Services Industry
April 15, 2015
Externally Hosted Websites, Rogue App Stores and Unvetted Code Place Banks at Risk
SAN FRANCISCO -- April 15, 2015 -- RiskIQ, the company that enables organizations to discover, inventory, monitor and secure their digital footprints, today released a white paper that summarizes the findings of a new report on third-party threats present in the digital footprints (websites and mobile apps) of 35 leading US-based banks. Externally hosted websites, unsanctioned mobile apps and questionable third-party code feeds topped the list of high-risk conditions that expose financial institutions and their customers to malware infections, data theft and fraud. The white paper is available here: http://trust.www.riskiq.com/banking-industry-cyber-threats-white-paper
RiskIQ will demonstrate its enterprise digital footprint discovery, monitoring and security service at RSA Conference 2015 booth #3222 in the North Expo Hall.
RiskIQ enables organizations to detect and mitigate online threats such as malware, malvertisements and fake apps in their digital footprints -- websites and mobile ecosystems -- to protect customers, employees and their brands from cyber-attacks.
The findings published in the RiskIQ white paper released today reveal that 35 of the top US based banks are collectively connected to nearly 260,000 digital assets. These include known, unknown and rogue online touch points that link back to a given bank. Specific examples include: domains, secondary sites, co-branded affiliate sites, marketing landing pages, co-branded partner sites, mobile apps, social media profiles and infrastructure like web servers, name servers and IPs.
Some of the report's key findings include:
- 61 percent banks' websites were hosted externally
- 97 percent of banks' mobile apps are hosted outside of the official Apple, Amazon, Google, Windows and Blackberry app stores
- 94 percent of banks' official websites connect to one or more analytics or tracking services
“These findings are significant because they illustrate just how large the digital footprint and attack surface of banks has become on the Internet,” said Elias Manousos, CEO of RiskIQ. “Since most security mechanisms focus on monitoring and protecting assets inside the enterprise perimeter, banks have less visibility or control over risks that are exploiting external infrastructures used as touch points with customers. Attackers know about and are taking advantage of this blind spot.”