65% of Major US Banks Fail Web Security Testing
2017 has been the year of cyber attacks. From the infamous Petya ransomware attack, the havoc wreaking WannaCry attack and the Magecart payment stealing scam, the number of data breaches and information theft is escalating more than before. On one hand, while companies and financial institutions are worse at keeping sensitive information safe, hackers are developing unprecedented techniques to conduct cyber attacks. In the wake of this grim reality came to light the susceptible state of US banks and their security countermeasures.
An anonymous security audit of over 1000 websites of some of the largest banks in the United States have revealed staggeringly disturbing results. The non-profit Online Trust Alliance (OTA) Alliance which conducted the clandestine privacy and security test revealed that 65% of US banks have failed this web security testing, with some of the largest banks in the US having scored the poorest in the security audit.
This possibly could be a US banking customer’s worst nightmare. In the audit, only 52% of the 1,000 sites tested qualified for the Honor Roll. To receive the Honor Roll award, the banks must fare an overall score of 80%or higher across three categories: consumer protection, security, and privacy. However, the results of the audit remind us of a different reality altogether.
So now as a US banking customer, you can trust only 27% of the 100 largest banks in the country. While, quintessentially, banks are supposed to take proper web security measures to protect customer funds, trust in banks and other financial institutions is an all time low. Though banks strongly urge customers to adopt digitization and mobile banking, it is disconcerting to see the gravity with which they approach online security.
Simple and effective countermeasures like air gaps, rate limiting, IP reputation, and improvement of identity management can prevent financial larceny to a large extent. Moreover, other measures like compartmentalization, security classification of assets and access, and the management of privileged identities and access reduce losses and provide large ROI.