Legacy tech makes Financial Services an easy target for hackers

Porous code and a lack of security architecture leave FS firms open to cyber threats.

By Tom Ball

Financial Services organisations have been found to be particularly susceptible to security risks due to legacy technology that drives the multitude of applications utilised within the industry.

These findings are particularly concerning as the industry carries large amounts of sensitive data, and could incur severe regulatory fines because of the poor performance.

The findings come from the CRASH Report, 2017 Global Sample, undertaken by CAST Research Labs, which focuses on studying software implementation in business technology.

The body of the report investigates structural quality trends in business application software across a range of areas, including telecommunications, insurance, financial services, national and local governments, retail and manufacturing.

1.03 billion lines of code were analysed in the report, across 1,850 applications submitted by over 329 organisations in eight different countries.

The different areas were tested based on a number of ‘Health Factors’ including robustness and transferability. On robustness for example, “tests revealed the primary differences occurred between government, which earned the highest mean score and financial services, which earned the lowest mean score”.

The report found that financial services “contained both the highest and lowest scores” and that “core transaction systems are concentrated most heavily in the financial services and insurance industries”.

The most substantial concentration of applications also came from financial services, according to the report, which notes that the sector uses a large amount of Common Business-Oriented Language (COBOL), which is still widely used in legacy applications.

According to the report, “financial services tended to have lower scores across all of the Health Factors, but this was probably because of its greater proportion of COBOL-based core transaction systems”.

Dr. Bill Curtis, SVP and Chief Scientist at CAST Research Labs, said: “Lack of security architecture combined with porous code in legacy systems produce easy targets for hackers. This is especially concerning in Financial Services applications.”

“Despite the push to ‘go digital’ our CRASH Report findings indicate there is a significant amount of bad code lingering in enterprise systems. The takeaway for IT is clear: poor software quality is exposing many businesses to excessive risk.”
