Veracode Calls for Financial Institutions to Shake Up and Evaluate Software Security Processes

BURLINGTON, Mass., June 27, 2012 /PRNewswire/ -- Veracode, Inc., the leader in application security services, today called for financial institutions to re-evaluate their security processes in light of recent large-scale attacks on global payments systems that have put millions of customers' data at risk.

As account takeovers, third-party payment processor breaches, market trading exploitation, supply chain infiltration and mobile banking hacks become more prevalent and complex, Veracode warns that anything less than real-time security processes will no longer be sufficient.

The latest financial industry data breach, involving Global Payments, the company which processes card transactions for Visa and MasterCard, affected approximately 1.5 million customer accounts. This closely followed the hack of Citibank  in 2011 which exposed the customer names, account numbers and contact information of nearly 1 percent of the company's 21 million users, close to 360,000 customers. A minimum of $2.7 million was lost as a result.

Four of the top five most recent costly financial services data breaches were all a result of hacking, and of those, two were known to be related to a lapse in application security; NASDAQ and Citibank.

Despite the warning signs, the 451 Group states that the market size for automated application security technologies is forecast to only slightly be over $1 billion by 2014. By comparison, DataMonitor forecasts the size of the global software market to have a value of $299.1 billion in 2014-- an increase of 32.6 percent since 2009. This means organizations will be spending just 0.3 percent of what they pay for software to ensure it is secure.

"As business and financial institutions continue to adopt Internet-based commerce systems, the opportunities for cyber crime increase at retail and consumer levels. These recent attacks need to be seen as a warning sign for other institutions to act fast and to evaluate their existing processes," said Chris Wysopal, Co-Founder and CTO of Veracode. "This, coupled with the fact that cyber criminals are becoming more innovative every day, means financial institutions cannot rely solely on any single control for authorizing transactions and that a system of layered security, starting at the application level is essential, yet currently being severely overlooked."

Veracode's research shows that 84 percent of web applications from public companies – including financial organizations – were found to be vulnerable to web application vulnerabilities listed in the OWASP Top 10. Plus, results show public company revenue has no bearing on application security performance against industry standards, proving that improvements are needed across companies of all sizes, including the most global financial institutions.

About Veracode

Veracode is the only independent provider of cloud-based application intelligence and security verification services.  The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components.  By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis.  Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud.  Veracode works with customers in more than 80 countries worldwide representing Global 2000 brands.  For more information, visit www.veracode.com, follow on Twitter: @Veracode or read the Veracode Blog.

SOURCE Veracode, Inc.