Partly or fully unsupported applications are widespread in financial services firms, resulting in vulnerable systems
- Published: Thursday, 27 September 2018 08:38
UK financial services companies are facing major security issues due to outdated services and applications, with only 6 percent knowing when all their infrastructure components will reach their end-of-life date.
This was the key finding from research by KCOM, which surveyed 200 IT decision-makers in financial services and found that the average firm has 434 server-based applications that are either partly or fully unsupported, and over 400 applications that are out of support or have end-of-life components.
When technology reaches the end of its life it is no longer supported by its manufacturer, and owners can no longer benefit from patches, operating system updates, or on-site visits to repair hardware. This presents serious security and compliance vulnerabilities, putting the business at risk of cyber attacks and regulatory fines – not to mention significant delays when introducing new services for customers.
To address the issue, financial services organizations are making major investments to modernise their IT infrastructure, with 79 percent either ‘definitely’ or ‘probably’ planning to use the cloud or cloud-based services to replace on-premises end-of-life products. To date, only 33 percent of financial services businesses have migrated half or more of their applications to the cloud.
KCOM’s research lays bare the effects of legacy infrastructure. An overwhelming majority of respondents (92 percent) admitted that maintaining server infrastructure was a challenge, with 47 percent reporting this to be ‘very challenging’. Nine in ten also said that processing bottlenecks were a major capacity challenge, 84 percent identified insufficient test environments, and 83 percent insufficient back-up storage.
When asked how often they conducted a risk audit, vulnerability scan or penetration test across their server landscape, 14 percent of financial companies reported that they had not completed any kind of audit in the last year, and only 51 percent had completed the Bank of England stress test. 60 percent had conducted a PCI audit, 58 percent held an ISO 27001 certification and 62 percent felt they were compliant with FCA guidelines.