Financial services companies are a favorite target for threat actors. Most of us are familiar with the Equifax and Capital One breaches that exposed hundreds of millions of customer records. But there are other attacks that don’t make the headlines. Over the years, the Carnegie Endowment’s FinCyber project has documented hundreds of separate cyber incidents impacting financial institutions around the world.
Cyberattacks can damage a firm’s reputation, disrupt business, and result in costly regulatory fines and legal settlements. (Equifax agreed to a $575 million settlement.) According to a 2022 IBM Security report, the average cost of a financial services data breach is now $5.97 million, the highest of any industry other than healthcare.
Threat actors are continuously honing their skills, looking for new ways to penetrate financial services networks, exfiltrate data, and commit crimes. Now, many are setting their sights on APIs (Application Programming Interfaces)—an attack vector often overlooked by corporate information security, compliance, and risk management organizations. According to a 2022 Akamai State of the Internet report, financial services web application and API attacks increased by 257% last year, the highest increase of any major industry.
Threat actors can exploit API vulnerabilities to steal customer data, take over accounts, siphon funds, or take down critical IT systems. A Coinbase API flaw demonstrates just how damaging an API attack can be. This particular vulnerability allowed an adversary to sell cryptocurrency they did not own! Coinbase was fortunate enough to fix the bug before it was exploited in the wild. Other firms may not be so lucky.
Regulators are taking notice, instituting new rules to strengthen API security and protect consumers. In the US, for example, the Federal Financial Institutions Examination Council (FFIEC) recently revised its cybersecurity guidelines to reflect the evolving threat landscape, adding specific considerations for API security.
The latest FFIEC Information Technology Examination Handbook devotes an entire section to application programming interfaces, explaining how “…broken, exposed, or compromised APIs can be exploited by malicious actors and used in data breaches.” The handbook describes a range of security controls to help financial institutions safeguard APIs, protect confidential data, and defend against attacks.
The latest FFIEC Authentication and Access to Financial Institution Services and Systems Guidance offers additional API security recommendations and provides specific risk management guidelines such as inventorying APIs to identify potential vulnerabilities and reduce exposure.
The Noname API Security Platform is specifically designed to help organizations protect their API estate. The platform helps financial services firms improve visibility and control over their APIs and address the latest API security guidelines issued by the FFIEC and other regulatory bodies.
The Noname platform provides:
The financial services industry is one of the most frequently targeted and widely regulated industries. Banks, brokerage houses, insurers, lenders, and payment services companies are subject to a wide array of industry and government cybersecurity regulations including:
Whether you work for an upstart fintech company or a traditional financial services firm, Noname can help you strengthen API security, improve regulatory compliance, and streamline audits.
Download our Automate API Governance & Data Compliance whitepaper to learn more about the Noname platform. Read our Rapyd case study to learn how Noname helped a global fintech company improve visibility and control over its API estate. Visit our API Security for Financial Services page for more information.
Experience the speed, scale, and security that only Noname can provide. You’ll never look at APIs the same way again.