Financial services companies are under constant attack. They hold some of the most valuable data attackers are after – it’s a question of when, not if, they will be breached. Ensuring business resiliency requires embracing a culture of security that begins with leadership and extends through every facet of the organization. A company must know where its most valuable data is and develop actionable strategy to reduce risk and build up effective defenses. Our in-depth Data Security Mapping helps organizations understand their data risk by mapping how business processes use, store, and protect their data throughout the lifecycle.
The increased popularity of online and mobile applications also present significant vulnerabilities for financial institutions, yet little is being done to address the issues. IOActive researchers have been highlighting concerns in mobile banking applications since 2012. In 2014, researcher Ariel Sanchez analyzed 40 applications and found significant issues throughout, noting significant security challenges banking technologies pose for worldwide financial firms. Two years later, many of the issued remained. In 2017, researcher Alejandro Hernandez built upon that work to highlight insecurity throughout mobile trading applications.
And then there is the lure money has for attackers. In 2010 IOActive researcher Barnaby Jack shook up the industry with his Jackpotting ATM demonstration where he highlighted how critical vulnerabilities in popular ATMs could remotely dispense all the machine’s cash and also harvest card and pin data. In 2017, researchers Josh Hammond and Mike Davis discovered ways to exploit another ATM to force it to dispense cash. In 2013, researcher Ruben Santamarta demonstrated how IOActive designed counterfeit money could fool a popular counterfeit detection system.
IOActive’s research and years of working with the some of the world’s largest financial organizations helps us provide our clients with real-word actionable programs that effectively identify and reduce their most critical risks.