Contrast Security, the runtime security leader, today released Modern Heist Bank Report 2025, revealing that the financial sector faced a surge in attacks, with 64% of respondents reporting cybersecur...
Report finds APIs, cloud environments, and applications are the attack vectors of choice
PLEASANTON, Calif.: Contrast Security, the runtime security leader, today released Modern Heist Bank Report 2025, revealing that the financial sector faced a surge in attacks, with 64% of respondents reporting cybersecurity incidents in the past 12 months. Contrast Security’s annual report sheds light on the cybersecurity threats facing the financial sector, providing an eye-opening perspective on the changing behavior of cybercriminals and defensive shifts in today’s environment.
“Our research found that the financial sector is facing increasing threats with a noticeable uptick in zero-day and destructive attacks,” said Tom Kellermann, Cybersecurity Advisor for Contrast Security. “We also uncovered that not only are APIs, cloud environments, and applications the attack vectors of choice, but also, today’s motive has changed. Cybercriminals are no longer going after data. Instead, they’re island hopping, or hijacking an organization’s digital transformation and using that infrastructure to launch attacks against a company’s customers and partners. As tactics and motives evolve, financial institutions need to rethink how they are protecting themselves. Continuous monitoring of the application layer for behavioral anomalies is imperative, and to do that, organizations must implement application defense and response (ADR) to block attacks in production and catch vulnerabilities in apps and APIs.”
Contrast Security researchers found that 71% of respondents reported zero-day attacks as the key concern to safeguarding applications and APIs, followed by dwell time (43%) and lack of visibility into the application layer (38%). The overwhelming concern with zero-day attacks aligns with key industry research and trends showing significant increase in zero days being exploited year-over-year. The rise in zero days is largely due to heavy spending from nation states. China and Russia are increasing their efforts to discover and create zero days to infiltrate Western critical infrastructures.
Financial institutions are further challenged by legacy technology, with 82% overrelying on web application firewalls (WAF) and 61% saying they considered their WAFs to be effective. However, reliance on WAFs alone is inadequate against zero-day exploits and modern application attacks. In light of all this, it’s no surprise that zero days were the top application-related security concern. In fact, fewer than 25% said they were confident that their current security controls could mitigate such an attack.
The report’s key findings include:
Offense must inform defense, and as zero days and API attacks surge, financial institutions need to implement ADR solutions purpose-built to provide ground truth at the application layer. ADR is the only real-time and always-on application and API security solution that prevents exploits in production and insecure programming during development. As a result, organizations are enabled to block attacks and easily scale to protect the entire software portfolio, including applications, APIs, and third-party applications.
To download the full report, visit https://www.contrastsecurity.com/modern-bank-heists-report-2025-adr.
Methodology
Participants interviewed for this study consisted of 35 CISOs, SVPs of Cybersecurity and Managing Directors of Information Security in financial institutions.
About Contrast Security
Contrast Security is the world’s leader in Runtime Application Security, embedding code analysis and attack prevention directly into software. Contrast’s patented security instrumentation disrupts traditional AppSec approaches with integrated and comprehensive security observability that delivers highly accurate assessment and continuous protection of an entire application portfolio. The Contrast Runtime Security Platform enables powerful Application Security Testing and Application Detection and Response, allowing developers, AppSec teams, and SecOps teams to better protect and defend their applications against the ever-evolving threat landscape. Application Security programs need to modernize. Contrast empowers teams to innovate — with confidence. Learn more: https://www.contrastsecurity.com/.
Fonte: Business Wire
Alaa Abdul Nabi, Vice President, Sales International at RSA presents the innovations the vendor brings to Cybertech as part of a passwordless vision for…
G11 Media's SecurityOpenLab magazine rewards excellence in cybersecurity: the best vendors based on user votes
Always keeping an European perspective, Austria has developed a thriving AI ecosystem that now can attract talents and companies from other countries
Successfully completing a Proof of Concept implementation in Athens, the two Italian companies prove that QKD can be easily implemented also in pre-existing…
CoStar Group, Inc. (NASDAQ: CSGP) (“CoStar Group,” “we” or “our”), a leading provider of online real estate marketplaces, information and analytics in…
BJ’s Wholesale Club (NYSE: BJ) announced today that its club in Brooksville, Florida, will open on February 21, 2025. The club, located at 13085 Cortez…
University of Phoenix College of Doctoral Studies has released a new white paper, “Economic Influence of AI on Career Optimism,” by Christine Marquis,…
Qurate Retail, Inc. (Nasdaq: QRTEA, QRTEB, QRTEP) today announced that an authorized committee of its Board of Directors declared the regular quarterly…