BFSI Application Security Attacks up by More Than 250% in 2022
Application security continues to be a priority as more organizations in the banking sector find themselves targeted by cyber attacks. As new technologies are developed and business continues to be conducted in a multi-cloud environment, it’s becoming more difficult to manage the attack surface and underlying technologies. 2022 has seen a notable upward trend in web application and API attacks, and it continues to prove that robust application security policies and practices are an important strategy in mitigating the risk of a data breach or of serious consequences from application security attacks.
How Much Have Application Security Attacks on Financial Institutions Increased?
Akamai Technologies, Inc. released a new report revealing a 257% growth in web application and API attacks on the financial sector year-over-year. They also saw an increase of 81% in bot activity, which likely results in an increase in their efficiency.
The same report also found that DDoS attacks on other financial institutions continue to increase, by 22% year-over-year, and that threat actors are using techniques in their phishing campaigns to bypass two-factor authentication solutions.
While the findings pertain to the financial sector, the report has broader implications for enterprises and highlights that web applications and financial service APIs are a core target for cybercriminals as we move into 2023.
With a variety of sensitive data and customer information, the financial services industry consistently ranks in the top three targeted verticals for web application, API, and DDoS attacks. The report details that FinServ has shown a 3.5x surge in web application attacks year over year, showing that organizations in the banking industry continue to be the most targeted and highest-growth industry for cyber threats.
One exploit took less than 24 hours to be used for thousands of attacks per hour. This type of data breach and the intensity at which the attack took place left little time to react, or create live patches to protect sensitive customer data.
While financial institutions are at the forefront of a multitude of attacks, no organization is safe.
How Common Are Application Security Attacks?
AppSec attacks are common and will continue to affect a growing number of mobile apps as time goes on. The reality is that the attack surface continues to evolve and grow. The more technologies in place, the more opportunities for malicious attacks to occur.
The study conducted by Akamai suggests that as much as one half of financial firms surveyed have experienced an AppSec attack of some sort, from phishing attacks to supply chain attacks to ransomware attacks. The study also suggests that as many as a third of these organizations don’t know whether they’ve been subjected to any of these cybersecurity threats or not.
While one in two financial institutions is subjected to data breaches and many other emerging threats, the truth is that these attacks aren’t limited to banking services alone. Other industries around technology, commerce, and video media are also top of the list for application security and API attacks, and are starting to be more aware of their security posture.
Mitigating Application Security Risks in 2023
There are a number of steps that enterprises in the banking industry can take to increase their resilience against API-driven threats. One of the most effective methods is to invest in technology that automates part of the process. Whether it’s discovering APIs or validating security policies, automation helps create an additional layer of protection and speeds up the process of uncovering potential threats.
It would also help to catalog the extent of usage of third-party and internal APIs. Maintaining a single source of truth for these implementations can reduce the risk of potential vulnerabilities. Commonalities may also arise between some of the APIs, reducing the time necessary to develop a secure environment.
As a baseline, it’s also helpful to review risk models and ensure that customer threats and fraud prevention are prioritized and planned for.
API and Web Application Attacks in 2023 and Beyond
Attacks against applications are a growing threat, putting businesses at risk of malware, disruption, theft, and misconfiguration exploits. Organizations that prioritize their application security process and risk management will have an advantage in protecting sensitive customer data and keeping their mobile applications protected. Application security should continue to be a priority around digital transformation in 2023 and beyond, not only for security professionals, but for everyone involved in developing the banking apps that will host crucial customer information and other sensitive data.
A large obstacle for many organizations in the financial services sector is a lack of these security professionals. It’s difficult to maintain enough staff to manage the growing attack surface. Fortunately, software can help mitigate the pressure on AppSec professionals in the current cybersecurity landscape. Whether it’s through automation or advanced threat modeling, AppSec software can help bridge the gap.
Whether it’s cross-site scripting, SQL injection, potential defects, malicious code, or application layer attacks, the key to the prevention of a successful attack affecting customer accounts in today’s hybrid business technology stack is to equip modern security teams with the best possible tools.