Connect with us

Hi, what are you looking for?

HEADLINES

Finance and retail applications most vulnerable to data breaches: study

Finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations.

Artwork by Janis Dei Abad

Finance and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications shown to have data input validation violations, according to new research released by CAST. This is particularly concerning, considering the amount of personal and financial customer data often held in applications across these industries.

“So long as IT organizations sacrifice software quality and security for the sake of meeting unrealistic schedules, we can expect to see more high-profile attacks leading to the exposure and exploitation of sensitive customer data,” said CAST EVP Lev Lesokhin who led the security analysis. “Businesses handling customer financial information have a responsibility to improve software quality and reduce the operational risk of their applications –not only to protect their businesses, but ultimately their customers.”

Input validation has gotten a great deal of attention this year thanks to the Heartbleed bug, which exposed over 60 percent of the internet’s servers to intrusion due to improper input validation in the form of a missing bounds check in the implementation of the TLS heartbeat extension.

As of June, 21 2014, it’s estimated that 309,197 public web servers still remained vulnerable. In addition, a recent report revealed that input validation attacks were exploited in 80 percent of attacks against applications last year in the retail industry alone — with perhaps the largest casualty being the record breaking eBay data breach, resulting in hackers gaining access to over 145 million user records and a federal investigation.

CAST also found that — contrary to public perception — government IT had the highest percentage of applications without any input validation violations (61 percent), while independent software vendors came in dead last (12 percent without violations).

Advertisement. Scroll to continue reading.

Even more surprising, the data showed that the financial services industry has the highest number of input validation violations per application (224) even though their applications, on average, are only half as complex as the largest application scanned.

In its biennial CRASH Report on the global state of quality in business applications to be released in September, CAST found a significant correlation between application robustness, its ability to avoid failures, and application security.

Dr. Bill Curtis, chief scientist at CAST and author of the CRASH Report, said, “Some security experts argue software security is different from software quality and should be treated separately. The CRASH Report data proves this is false. Badly-constructed software won’t just cause systems to crash, corrupt data, and make recovery difficult, but also leaves numerous security holes.”

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

Nearly 50% of companies paid the ransom to get their data back – the second highest rate of ransom payment for ransom demands in...

GAMING

To help players stay safe, Kaspersky is launching “Case 404” — an interactive cybersecurity game that teaches Gen Z how to recognize threats and protect their...

HEADLINES

A zero-trust secure connection has many applications beyond automotive. It’s really for any industry that cares about security, and managing that security at scale.

HEADLINES

Organisations across the Asia-Pacific and Japan region are putting their security posture first, and many are now detecting intrusions early in the attack lifecycle,...

HEADLINES

Agentic AI Assistants—such as Apple Siri, Google Gemini, Microsoft Copilot, OpenAI ChatGPT, and others—are increasingly available to mobile users in consumer and enterprise environments. However, the same...

HEADLINES

Based on breach-tracking research conducted for over two decades, over 124 million Filipino user accounts have been compromised since 2004. This puts the Philippines...

HEADLINES

The results reveal a threat landscape that is not only evolving in complexity but also shifting toward gaps in visibility, governance, and infrastructure, posing...

HEADLINES

iProov's Security Operations Center (iSOC) observed live operations of the threat actor, codenamed Grey Nickel, targeting organizations globally with concentrated attacks against banking, crypto...

Advertisement