Consumer Data at Risk From Poor Endpoint Security, According to New Research from Omlis
The report from Omlis, published this week, suggests that poor endpoint security in banks is primary weakness to cyberattacks
With the rise in digital consumer activities, as well as increased ways to access secure organizational data, endpoint security has consistently proven vulnerable to attack. Endpoints within an organization’s architecture consist of all points that consumers interact directly with, like mobile banking apps or digital banking interfaces on websites. More than 70% of breaches begin at the endpoint, primarily due to user behavior that leaves organizations vulnerable. This is increasingly attributed to the mobile channel.
In the report, “Data Breaches: An Inside Perspective,” Omlis finds that “endpoint security almost universally tends to be poor.” The report identifies mobile endpoints as a primary vulnerability within TFIs’ (traditional financial institutions’) security infrastructures. A new method for securing sensitive consumer data is required to respond to the growing use of mobile devices, not only for transacting with mobile payments but also due to the use of mobile devices within the workplace.
One key example of weak endpoint security is unsecured networks. “It is untrusted networks through the internet that cause the most problems,” said David Clarke, Chief Technical Officer at Orion Software and Services, in one of nine interviews with cyber security experts conducted in the report, published today, April 20th 2015.
Many organizations that store sensitive data, including banks, often rely on an SSL (Secure Sockets Layer) connection to provide an https (secure) internet connection. However, SSL vulnerabilities are prevalent within many popular Android mobile apps, according to Fireeye. This was recently displayed in a number of cases. The FREAK attacks that were uncovered in March 2015 occur when a MITM (man-in-the-middle) attack intercepts and modifies the encrypted traffic between the mobile app and backend server, according to Fireeye. This attack left thousands of mobile apps, both Android and iOS, vulnerable, which included sensitive consumer data and financial information.
"The fact that these attacks have easily bypassed the security that many organizations’ depend on entirely demonstrates the ease of accessing their networks, devices and sensitive data," said Markus Milsted, CEO of Omlis. "It’s now necessary to implement high integrity endpoint security and stronger authentication measures in order to protect against a range of sophisticated technologies and clever hackers who can access organizations through multiple entry points.”
The increasing use of mobile devices in the workplace, or BYOD (bring your own device) policies has also created a new range of security weakness stemming from mobile devices. This can compromise personal financial data stored on the phone's apps, as well as corporate data accessed via email or mobile internet.
“Company networks are made increasingly vulnerable with potential malware associated with mobile devices. Endpoint security solutions can be effective for improving BYOD policies by preventing access, reducing risk of attack or loss of data,” said Simon Cairns, Director of Orion Software and Services and Omlis distribution partner. “Organizations must implement security technologies to address these common failures and improve the security of their consumers’ information.”
Another recent survey shows that most businesses- 85% of respondents- plan to increase their endpoint security budgets this year, according to Enterprise Strategy Group. In the survey, 66% have recently re-evaluated their endpoint security policies and 56% have purchased new endpoint technologies. Technavio estimates that the endpoint security market with grow at a CAGR of 10.4% by 2019 on a global scale.
Omlis delivers effective implementation of endpoint security by utilizing high integrity coding to secure mobile devices. The C-by-C (Correctness-by-Construction) approach using high integrity development that powers Omlis technology has typically been used for safety-critical security which cannot fault, in applications including air traffic control, military aviation and nuclear safety. The Omlis security architecture can prevent against mobile fraud by defending organization’s internal and external mobile access points from sophisticated threats.
“Our endpoint security solution also utilizes mobile devices in a novel way, by spreading risk typically associated with storing data in a central database,” said John Stuart, Chief Commercial Officer at Omlis. “By encrypting data at the endpoint, the mobile device, the amount of consumer data transacted and stored by the company is significantly reduced, removing risk that is inherent in other solutions. The security solution is highly interoperable and scalable, allowing for simple installation and providing complete protection with an additional level of security.”
This means that even if a hacker does successfully breach an endpoint, only the data housed in that particular endpoint is compromised, rather than the countless amount of data that is stored by TFIs at a single point within the traditional in-house server infrastructures. By implementing high integrity endpoint security technology, Omlis leads the mobile payments security industry, allowing organizations to transact in a secure channel.
Download the full report, Data Breaches: An Inside Perspective to learn about the complex range of security weaknesses faced by traditional financial institutions. http://www.omlis.com/omlis-media-room/original-omlis-research/ and access the original press release here.