Rethinking Application Security in a Post-Pandemic World
Published December 11, 2020
WRITTEN BY THE KIUWAN TEAM
Experienced developers, cyber-security experts, ALM consultants, DevOps gurus and some other dangerous species.
Without a doubt, the COVID-19 pandemic has had a massive impact on the financial services landscape. Not only did businesses have to tweak their entire operations under safety regulations, but they also had to contend with a growing list of cybersecurity threat actors, given the rapid adoption and usage of online apps.
According to data from App Annie, there was a 20% increase in time spent on mobile apps in the first quarter of 2020. At the same time, consumers embraced online banking, social media, and online shopping like never before. All of these created more cybersecurity risks.
To avoid exploitation and compromise of sensitive data, information technology and security leaders need to view app security through a new pair of lenses. This should include a defense plan that considers the remote workforce, significantly reduced IT budgets, and limited access to AppSec talent.
Read on as we explore a dynamic plan to boost your cyber protection in a post-pandemic world.
1. Data breaches
Mobile banking malware risk has worsened, especially now that bad actors leverage uncertainty and fear surrounding the pandemic. Recent research from Malwarebytes shows that mobile banking malware has spiked in recent months, infiltrating weakened home networks and mobile devices to access highly sensitive corporate applications. These malware families are focused on only one job: stealing client information.
What CIOs and CISOs can do:
The best place to start is identifying and remediating the security vulnerabilities in your application before it’s too late.
Plan to conduct application security vulnerability scanning with a tool like Kiuwan. Remember, a data breach could set the company back millions of dollars, which is why you should never leave your mobile app security to chance.
2. Identity theft
Credential stealing has spread around the US almost as effectively as the COVID-19 pandemic. Since the bulk of the workforce has switched to working remotely, attacks by black-hat cybercriminals have grown exponentially.
Credential theft is the leading cause of fraud in financial services, and with credential-stealing malware such as EventBolt19 and Cerberus being increasingly widespread in 2020, the risk has never been greater.
What CIOs and CISOs can do:
The post-pandemic world presents a new opportunity for CIOs to protect employees from the claws of identity theft. The best defense should center on building authentication solutions based on ‘who you are’ rather than ‘something you have’ (passwords).
To that end, consider deploying next-level biometric solutions such as thumbprint/fingerprint, iris, voice, retina, and facial recognition technologies. With biometrics, a cybercriminal’s attempt to impersonate any of your team members becomes a lot more difficult than trying to break passwords or PINs.
3. Ransomware attacks
Even after the pandemic, ransomware will remain one of the most significant cyber threats facing financial institutions. Statistics show that financial services will still be the second most targeted sector for ransomware attacks, only trailing healthcare.
Successful ransomware attacks not only reveal endpoint vulnerabilities but also act as a starting point for myriad other problems. For example, a breach could lead to huge monetary loss. But most importantly, businesses that don’t proactively protect against attacks will likely suffer from damaged loyalty and reputational risk.
Yet this is only the tip of the iceberg. Other repercussions of ransomware attacks are weakened employee morale and the need to dig deeper into IT resources to counter the attack.
What CIOs and CISOs can do:
You’ll want to add an extra layer of security throughout your networks so that they’re not susceptible to advanced ransomware attacks.
Part of this includes enforcing application whitelisting, so only approved apps are allowed to run on the central network. Also, consider running a complete review of your backup process and backup files to ensure you’re protecting all the critical employees. Make sure a recent backup is stored off-site and has been tested to restore properly.
After the pandemic, most ransomware attacks will continue to target mobile APIs, so you’ll want to have a solid API gateway in place. If that isn’t possible, rely on timely software patching as a proactive security measure.
4. Responding to new attack vectors
With advancements in modern technology, the attack surface available to bad actors is bound to grow. Emerging technologies such as deep-fakes and fifth-generation cellular networks (5G) will have their vulnerabilities discovered by the time the pandemic ends.
What CIOs and CISOs can do:
Don’t wait until it’s too late to protect your applications, networks, and data from cutting-edge malware. Whether you’re in insurance, accountancy, or a bank, the time to explore the newest avenues for cyber warfare is now.
You could invest in AI and machine learning technology, which is adept at pre-empting security threats by collecting data from the global information network. Another brilliant option is application security, which allows you to protect your code from loopholes that are often caused by a lack of testing or developer errors. Blockchain technology is also a formidable option, allowing for identity authentication and the secure sharing of information. Whatever option you choose, make sure it delivers immense security value.
5. Phishing scams
New research indicates that fraudsters have stepped up mobile phishing attacks on financial service institutions. And that trend looks set to continue even after the pandemic.
With the prevalence of mobile usage, cybercriminals have more time on their hands to launch targeted mobile phishing scams.
The idea here is to lure the employee into downloading unverified apps or clicking on pop-up links. They are then redirected to fake sites where they’re prompted to share their credentials and other login details. Once the bad actors gain control of the employee’s email account, they’ll be able to gain access to company documents and client financial information.
As you can imagine, a scam like this could have devastating consequences, both reputational and financial. And that holds true both for the company itself and for individual staff members.
What CIOs and CISOs can do:
The most effective way to combat phishing scams post-pandemic? Educate and inform your users. Warn them against downloading apps from questionable sources since that could put their personal details (and that of clients) at risk.
6. Protect your app against security threats
Let’s face it: cyber threats within the financial services sector are bound to grow two-fold in a post-pandemic world. So how do you protect your app and mobile data from these unique and equally dangerous attacks?
It all starts with identifying security weaknesses in the Software Development Life Cycle (SDLC). Being aware of loopholes early enough allows you and your developers to create robust defense protocols to fend off malicious attacks, no matter their scope or timing. Using a potent security tool like Kiuwan can make all the difference.
Kiuwan leverages SCA and SAST analysis, empowering security professionals to shield their data and apps from cyber threats with a super-fast and scalable platform that integrates within any DevOps environment.
Don’t let the post-pandemic period catch you or your developers off-guard. Invest in data security with us today, and you can wave goodbye to any mobile security threats that lie ahead!
Would you like to know your application’s security score? Get in touch with our Kiuwan team! We can help you identify current vulnerabilities and create an action plan to address them.