Dynatrace, today, has released the Global CISO Regional Bank 2023 Report, highlighting a concerning surge in application security vulnerabilities within financial organisations. The report underscores the need for advanced runtime vulnerability management solutions to fortify the existing security framework of financial institutions.
Driven by customer demands, regional banks are increasingly incorporating dynamic multi-cloud environments, cloud-native architectures, and open-source code libraries that are further accompanied by mounting challenges in managing and mitigating risks throughout the development lifecycle, like the Log4j vulnerability in 2021.
As per the report, 76% of chief information security officers (CISOs) in the financial services sector believe that despite having a robust, multilayered security posture, gaps still allow vulnerabilities into production. Even though 58% of financial services organisations have layered cybersecurity frameworks with five or more different types of security solutions, only 6% have real-time visibility into runtime vulnerabilities.
In the era of accelerated digital transformation, many security solutions only provide a static view at one specific time and lack the runtime context necessary to distinguish between a minor risk and a potentially disastrous exposure. This results in security teams at financial institutions being bombarded with many alerts, many of which are false positives, duplicates, or low priority. For instance, financial services organisations receive more than 2,200 alerts to potential application security vulnerabilities each month and almost 33% of application security vulnerability alerts each day. Close to 74% of CISOs agree that the volume of alerts makes it challenging to prioritise vulnerabilities based on risk and impact.
Effective vulnerability management in a cloud-native environment can only be achieved by converging observability and security solutions. With automation and AI embedded in these solutions, organisations can access accurate, real-time responses that assist teams in prioritising which vulnerabilities need to be fixed first based on the potential consequences to the organisation and its clients.
Subbu Subramanian, Country Director- India, Dynatrace said, “The insights revealed in the report certainly highlight critical juncture for financial organisations emphasising the need for a dynamic and automated approach to application security. As regional banks navigate evolving customer demands and embrace cutting-edge technologies, the challenge lies in securing digital innovation without compromise. This can only be achieved by continuous runtime vulnerability management by converging observability and security solutions together.”