Financial Services Companies Deficient In Cybersecurity

According to a survey of cybersecurity at financial services firms conducted by the Ponemon Institute, that industry as a whole remains vulnerable because of deficiencies in managing risks in their supply chain, and assessing software for security issues. The conclusion was that financial services firms must increase their attention toward cybersecurity, improve secure software development training, put into place more automated tools, and better manage open source components. While most financial services organizations provide some form of secure development training for software developers, only a small percentage require such training, the report stated. Most of the organizations surveyed rely on their own internal assessments, rather than models such as the Building Security in Maturity Model or the Software Assurance Maturity Model. Most of the firms surveyed report running their software security testing after applications are released. This is probably owing to a lack of application security expertise, concerns about costs, and a fear that security processes earlier in the software development life cycle might impede development and slow response to market conditions. Most financial services organizations develop their own software in-house, although the trend is toward third party purchases.