Top US banks have multiple online security flaws
Analysis of the internet presence of 25 out of 50 top US banks reveals a worrying number of online security flaws.
Threat management company RiskIQ used its Digital Footprint product, which provides a real-time inventory of all internet-facing assets, including the components running on assets that may expose the organization to vulnerability risk. It also correlates newly discovered vulnerabilities with internet-exposed components and assets, highlighting those at risk to inform patching and remediation planning.
The banks analyzed returned an average risk score of 74 out of 100. The average bank having 30 domain configuration issues, 42 SSL configuration issues, 87 IP reputation issues, and 81 threat indicators across their digital footprint. These results go to show that even some of the biggest institutions, with the most sizable security budgets, have room for improvement and gaps in security outside their firewall.
RiskIQ has released several new features for its Digital Threat Management platform and products, in addition to Risk Reporting, including updates to its user interface to speed up the process of validating and triaging digital threats such as phishing, brand abuse, social imposters, and rogue mobile applications. It's also introduced single sign-on capability to integrate the platform authentication to existing enterprise account and user management tools. Other new enhancements are aimed at improving threat detection and investigation capabilities, helping organizations maintain their inventory of all official social media profiles and mobile applications, and provide an understanding of open ports exposed on their organization's IP footprint.
"As part of our commitment to helping our customers tackle the persistent threats against them, we continue to invest in our platform to provide actionable insights, visibility, and control over risk and threats outside the firewall," says Lou Manousos, CEO of RiskIQ. "Organizations are managing an unprecedented level of risk by simply having a digital presence online. RiskIQ provides the visibility and intelligence, along with the broadest and deepest internet data, to help an organization understand and reduce their risks."