Financial institutions, like other organizations, struggle to implement application security (AppSec) tools and processes that can scale and keep pace with relentless demand. The complexities of managing and maintaining open source, and the adoption of cloud-native architectures and their associated microservices, all increase the degree of difficulty. Further, supply chain intricacies make it difficult to get a complete picture of an organization's risk profile.
It's no surprise then that AppSec continues to be a complex challenge for financial services organizations adopting modern development practices. A key difference for the financial services industry (FSI), however, is the high stakes involved. In 2019, the global financial services market was valued at $22 trillion. [1] During the first year of the COVID-19 pandemic, over 70% of financial services firms experienced a successful cyber attack. [2]
Despite the high stakes and the challenges of securing software—or maybe because of them—many myths and misconceptions abound in the FSI. Using research data from the "Building Security In Maturity Model" (BSIMM) report and other sources, this eBook debunks and explains several AppSec myths prevalent among financial institutions.
[1] Bowcut, Steven, "Cybersecurity in the financial services industry," Cybersecurity Guide, Feb. 25, 2021.
[2] Muncaster, Phil, "Most financial services have suffered COVID-linked cyber attacks," Infosecurity Magazine, Jan. 19, 2021.