Dynatrace has released the Global CISO Regional Bank 2023 Report, highlighting a concerning surge in application security vulnerabilities within financial organisations. The report underscores the need for advanced run-time vulnerability management solutions to fortify the existing security framework of financial institutions.
According to the report, 76 per cent of Chief Information Security Officers (CISOs) in the financial services sector believe that despite having a robust, multi-layered security posture, gaps still allow vulnerabilities into production. Even though 58 per cent of financial services organisations have layered cybersecurity frameworks with five or more different types of security solutions, only six per cent have real-time visibility into run-time vulnerabilities.
In the era of accelerated digital transformation, many security solutions provide only a static view at a single point in time and lack the run-time context necessary to distinguish between a minor risk and a potentially disastrous exposure. As a result, security teams at financial institutions are bombarded with alerts, many of which are false positives, duplicates or low priority. For instance, financial services organisations receive over 2,200 alerts to potential application security vulnerabilities each month and almost 33 per cent of application security vulnerability alerts each day. Close to 74 per cent of CISOs agree that the volume of alerts makes it challenging to prioritise vulnerabilities based on risk and impact, according to the report.
Commenting on the report, Subbu Subramanian, Country Director - India, Dynatrace, said, “The insights revealed in the report certainly highlight a critical juncture for financial organisations, emphasising the need for a dynamic and automated approach to application security. As regional banks navigate evolving customer demands and embrace cutting-edge technologies, the challenge lies in securing digital innovation without compromise. This can only be achieved by continuous run-time vulnerability management by converging observability and security solutions together.”