Finance Sector Faces Rising Security Debt, Threatening Stability
Chris Wysopal, Chief Security Evangelist at Veracode, highlights the severe implications: “As AI-driven cyber-attacks continue to grow in strength and numbers, and organisations struggle to keep up with evolving regulations due to existing security debt, the current landscape allows threat actors to exploit vulnerabilities at an alarming, unprecedented rate.”
“The high rate of security debt in the financial sector poses significant risks to organisations and their customers if not addressed quickly.”
Addressing First-Party and Third-Party Code Vulnerabilities
Veracode’s findings stress the need for financial services organisations to address security flaws in both first-party and third-party code. While 84% of all security debt affects first-party code, a staggering majority of critical security debt arises from third-party dependencies. This emphasises the need for comprehensive security strategies that cover not just an organisation’s proprietary code but also the open-source and third-party components integrated into its applications.
The disparity in remediation timelines between first-party and third-party flaws is noteworthy. Financial organisations typically remediate half of their first-party flaws within nine months, in contrast to 13 months for third-party flaws. Additionally, 52% of third-party flaws become security debt, compared to 44% of first-party flaws.