A focus on developing digital channels may be exposing banks to unrecognised threats, claims a new study by security firm RiskIQ.

Its latest research monitored a selection of 35 top global banks, and found that collectively they had more than 260,000 assets exposed to external risk.

The study also counted 1,777 mobile applications, or an average of 51 per bank. Of these, only 5 per cent were found in official app stores (such as Googleplay or the Apple Store), while 95 per cent were hosted on secondary, tertiary, affiliate or foreign app stores.

Banks were increasingly turning to new ways of providing services on the web, said RiskIQ, but 60 per cent of banks’ public-facing digital assets sat outside company firewalls.

This expanding digital footprint was putting banks at an increased risk from hackers, noted the report, exacerbated by a heavy reliance on external third-party code to power tracking, analytics, company ads and re-targeting.

Some 70 per of the banks covered were running their own digital ads using third-party ad serving technology and beacons, while 94 per cent were incorporating code from one or more third-party JavaScript libraries or tracking services.

Elias Manousos, CEO of RiskIQ, explained: “The two trends of externally hosted digital assets and the use of third party components highlights the changing security landscape that banks and other organisations are dealing with. As digital assets move outside of the corporate firewall, traditional security approaches become ineffective and the potential attack surface for the adversary grows.”

Share Story: