Porous code and a lack of security architecture leave FS firms open to cyber threats.
Financial Services organisations have been found to be particularly susceptible to security risks due to legacy technology that drives the multitude of applications utilised within the industry.
These findings are particularly concerning as the industry carries large amounts of sensitive data, and could incur severe regulatory fines because of the poor performance.
It is named the CRASH Report, 2017 Global Sample, and it was undertaken by Cast Research Labs, which is focussed on studying software implementation in business technology.
The structural quality trends of business application software investigated across a range of areas forms the body of the report, these areas include telecommunications, insurance, financial services, national and local governments, retail and manufacturing.
1.03 billion lines of code were analysed in the report, across 1,850 applications submitted by over 329 organisations in eight different countries.
The different areas were tested based on a number of ‘Health Factors’ including robustness and transferability. On robustness for example, “tests revealed the primary differences occurred between government, which earned the highest mean score and financial services, which earned the lowest mean score”.
The financial services “contained both the highest and lowest scores” and that “core transaction systems are concentrated most heavily in the financial services and insurance industries”.
The most substantial concentration of applications also came from the financial services according to the report, and it notes that the financial services use a large amount of common business-orientated language (COBOL), which is still widely used in legacy applications.
According to the report, “financial services tended to have lower scores across all of the Health Factors, but this was probably because of its greater proportion of COBOL-based core transaction systems”.
Dr. Bill Curtis, SVP and Chief Scientist at CAST Research Labs said: “Lack of security architecture combined with porous code in legacy systems produce easy targets for hackers. This is especially concerning in Financial Services applications,”
“Despite the push to ‘go digital’ our CRASH Report findings indicate there is a significant amount of bad code lingering in enterprise systems. The takeaway for IT is clear: poor software quality is exposing many businesses to excessive risk.”