Comparing and quantifying your cybersecurity posture against peer organizations in the financial sector provides valuable context for how your cybersecurity program performs relative to others in your industry. Digital Defense’s Frontline Insight™ peer comparison report in the Frontline.Cloud™ vulnerability and threat management platform provides actionable and detailed intelligence that helps your team get a valuable perspective on their effectiveness.
Related Resource: Frontline Security GPA®: Making the Grade with Risk-Based Prioritization
Grading the Financial Industry
The primary security rating metric used in the Frontline Insight report is Frontline Security GPA®. Predicated on a 4.0 & A-F grading scale, and like a grade point average in school, the higher your Security GPA, the better your security posture.
Security GPA is a weighted score based on asset criticality and the number and the severity level of active vulnerabilities. It reflects even the smallest changes to your environment that other VM systems often do not.
We ran Frontline Insight reports on our bank, credit union, and financial services clients to gain insight into the threat and vulnerability preparedness across the financial sector.*
The chart below provides the 12-month average Security GPAs for internal and external scanning and compares 2020 scores with the same period in 2019. For additional context, the Security GPAs for banks, credit unions, and financial services firms were averaged to calculate an overall financial industry GPA for internal and external vulnerability scanning.
All financial verticals performed above the platform average Security GPA for both their internal (2.72 B-) and external (3.37 B+) vulnerability scanning and remediation efforts.**
Prioritization Pays Off
The bank and credit union Security GPAs for external scanning indicate that these two groups have made headway improving their external security posture by prioritizing high-impact vulnerabilities that put their organizations most at risk.
On the other hand, the financial services vertical’s 2020 internal GPA (2.81 B-) is noticeably lower than 2019 (3.05 B+). Many variables can impact a decreased Security GPA, especially as we account for the extensive network changes in the financial industry over the past several months. Situations that could be contributing factors to the lower 2020 internal GPA for financial services include:
- A large deployment of hardware, software, or operating systems has triggered several high-level vulnerabilities that are not being addressed because organizations are going through a technology refresh.
- New vulnerabilities discovered that are targeting applications specific to the financial services vertical.
- Financial services customers may have a sizeable deployment of applications or operating systems that have recently reached end-of-life (EOL), triggering additional vulnerabilities.
- The distribution of customers that identify as financial services in Frontline.Cloud.*
Most notable in this industry comparison is that most of our financial clients’ year-over-year scores exceed platform averages, remain consistent, and improve during a time of significant technology changes across the industry. The data indicates that financial organizations are prioritizing vulnerabilities that have the most impact on their security posture and are putting security first by taking action on incidents identified through their VM program.
Peer Comparison Metrics in Frontline Insight
Frontline Insight compares your cybersecurity performance to your peers by vertical, organization size, or annual revenue. Peer comparison data presented in the Frontline Insight report for the financial industry includes:
Security GPA Breakdown by all Verticals
Compares internal and external Security GPAs broken out by all verticals represented in Frontline.Cloud.
Detailed Security GPA Trend Analysis
Provides a quick and easy way to see how well you are doing over time compared to your bank, credit union, or financial services peers.
Top 5 External & Internal Unauthenticated Vulnerabilities
The top 5 vulnerabilities are ranked by severity (medium, high, critical) and presented in a side by side comparison with your organization’s top 5 external and internal vulnerabilities.
Time to Fix External & Internal Vulnerabilities
Provides insight into the length of time your peers are taking to fix critical, high, and medium severity vulnerabilities compared to your efforts.
These metrics in the Insight report show your team which malware infections are targeting peer companies, providing greater insight into industry-specific threats and the security diligence standards of your financial sector peers.
* In Frontline.Cloud identifying an organization’s vertical is optional. This report reflects the anonymous data of all organizations that have identified their vertical as either bank, credit union, or financial services. This report does not include the anonymous data of Frontline customers that have not identified their organizational vertical, so some financial institutions using the platform may not be included in this data and are listed as ‘uncategorized’ in Frontline Insight.
**Source: Frontline Insight report Sept 11, 2020. We calculated the Financial Industry Security GPA by averaging the banking, credit union, and financial services vertical segment Security GPAs reported in Frontline.Cloud over the past 12 months.
About Digital Defense
- Asset discovery and tracking
- OS and web application risk assessment
- Targeted malware threat assessment
- Machine learning features that leverage threat intelligence
- Agentless & agent-based scanning
- Penetration testing for networks, mobile applications, and web applications
- Compliance management. One of the world’s longest tenured PCI-Approved Scanning Vendors
The Frontline.Cloud platform virtually eliminates false-positives associated with legacy vulnerability management solutions, while also automating the tracking of dynamic and transient assets and prioritizing results based on business criticality. Learn more.