The growth of digital business in the modern world is creating lots of opportunities for organisations, but with it also comes a new range of threats in the form of cyber attacks.
This is especially true in the banking industry. With the growth of social media, websites, and mobile apps, banks are increasingly turning to new ways of providing services.
This means an increased digital footprint, which in turn means an increased risk of hack attacks. According to research from RiskIQ, a selection of 35 top banks have more than 260,000 assets exposed to external risk.
We recently had the chance to speak to Fabian Libeau, EMEA Technical Director at RiskIQ, to discuss the current threat landscape and why companys need to be staying on top of their digital footprint.
The full interview can be found below:
- How does RiskIQ's crawling infrastructure work?
RiskIQ is emulating real user behaviour. Our army of virtual users look and act like the real thing and because we have egress points all over the world we can emulate users accessing web assets from different countries.
These virtual users collect all the data a user would see, analysing it to find a range of security issues such as expired SSL certs, broken links and malware. We also analyse all 3rdparty content such as ads, analytics, and social media widgets that a user would get served.
- How important is it for companys to be aware and stay on top of their digital footprint?
Customer interaction is increasingly taking place via the internet and mobile apps. While companies have focused on getting internal IT compliant and secure, there has been less focus on assets sitting outside the firewall.
Knowing, securing and monitoring these assets is essential for enterprises relying on digital channels for business.
- Can businesses ever be fully protected in the modern world?
Probably not. A lot of businesses are very agile and have to change on an almost daily basis to deliver on customer expectations.
In this fast changing environment security teams often don't have the chance to analyse the risk and put appropriate protection in place. At RiskIQ we see that most organisations don't have an accurate inventory of their assets on the Internet and in the mobile app stores which means security can’t protect them.
To stay ahead of the curve security needs to be involved early but must also have the tools to help with new challenges.
- Talking about banks specifically, what are they doing right and wrong at the moment with regards to cyber security?
The investment of banks in cyber security over the last decade increased substantially. But banks have been mainly driven by compliance mandates or risk centric approaches, which worked well for a lot of use cases focusing on protecting internal assets.
This is changing, especially for retail banks as they conduct their business outside the firewall. Banks have to adjust their organisation and investments to make sure that they are able to protect their business, which starts with their customers.
- What future trends do you see taking shape in the next few months?
It is that RSA time of the year and security vendors will come out of stealth mode with new exciting offerings.
The threat space is certainly an area where a lot of these companies are active. Threats in the mobile world and the Internet, sharing, analysing, investigating, consolidating and mapping them to organisations is certainly a focus.