A new report states that 65% of major US banks have failed web security testing designed to determine whether or not they are vulnerable to a cyber attack.
IBS Intelligence states that a new report from the Online Trust Alliance (OTA) claims that up to 65% of US banks are extremely vulnerable to cyber attacks. As part of the firm’s Online Trust Audit & Honor Roll for 2017, more than 1000 websites were anonymously audited, with their security and privacy features ranked from best to worst. Following the audit, many US banks were ranked as the worst for security and privacy.
In order to receive the Honor Roll Award from the firm, websites must achieve an overall ranking of 80% or more. Three categories are taken into consideration: consumer protection, security, and privacy. Failing any one of these three categories results in an automatic disqualification from receiving the award.
52 percent of the websites audited qualified for the Honor Roll, a 5% improvement on scores from 2016. However, despite the overall improvement, only 27% of the 100 largest banks in the country met the Honor Roll’s standards.
According to the OTA, the US digital banking sector had shown improvement, but due to “increased breaches, low privacy scores and low levels of email authentication,” many banks performed poorly. The American Bankers Association (ABA) has taken issue with the OTA’s results; Doug Johnson, the senior vice president of payments and cybersecurity policy at the ABA, stated in an interview with NBC that banks “absolutely take privacy and security very seriously.”
Phil Lieberman, CEO of the US security company Lieberman Software, stated, “Most of the serious intrusions are from dumb mistakes made by companies that are easily remediated by a consistent approach to managing access, security and looking for significant anomalies. Countermeasures are simple and effective such as air gaps, rate limiting, IP reputation, and improving identity management.” He continued, “Other simple ideas like compartmentalisation, security classification of assets and access, and the management of privileged identities and access provide large ROI and reduction of losses.”