ABA Banking Journal

Leveraging Crowdsourced Security to Defend Against Rising Threats

October 28, 2021

By Ashish Gupta

Each year, financial institutions are 300 times more likely than companies in other industries to experience a cyberattack. This challenge is further compounded the more digital assets a company has. For example, in partnership with Bit Discovery, we assessed the attack surface of numerous global financial services companies in our Investment Banking and Credit Issuer State of the Attack Surface report, and found each institution had as many as 110,683 Internet-connected assets that could potentially be exploited for vulnerabilities.

As financial organizations increase in size and service offerings, their potential attack surface increases as well—inherently raising the number of potential security vulnerabilities. Taking an offensive approach is a highly effective and necessary action for financial institutions to better prepare against advanced attacks as well as mitigate risks. Vulnerability disclosure programs, penetration testing (pentesting) and leveraging the power of crowdsourced security are three ways financial services providers can proactively elevate their security posture.

Employ a vulnerability disclosure program to identify weaknesses

A vulnerability disclosure program provides a way for anyone to report potential security risks to an organization. While this can be extremely helpful for financial institutions to learn about vulnerabilities in their digital assets, they can easily become inundated and overwhelmed with reports from the well-meaning public. This is where it is helpful to leverage a partner that can provide a designated team tasked with the responsibility of triaging and prioritizing vulnerability submissions.

Lean on pentesting for comprehensive assessments

Pentesting provides an overall assessment of specific targets within the attack surface by simulating a cyberattack to identify weaknesses, strengths and potential security issues, creating a comprehensive analysis of current postures. This process is performed by ethical hackers with an organization’s consent and approval, and includes a multitude of steps to determine the security posture’s overall strength and susceptibility.

Neighborhood watch

Vulnerability disclosure programs and pentesting are also effective strategies that help financial organizations lower the risk of security incidents. These methods are powered by crowdsourced security, which has gone from a “nice-to-have” feature to a necessity for most enterprises. But organizations should take one more key step in the proactive security process to robustly and regularly defend systems with crowdsourced security.

The X-factor for financial defense: Crowdsourced security

Crowdsourced security tasks a group of public security experts and analysts (a crowd of cyber locksmiths) to test an asset for vulnerabilities and security gaps. The number of people can range from fewer than a dozen to several hundred testing concurrently. The more people looking for vulnerabilities, flaws in security structures and emerging threats, the more prepared financial institutions will be for a potential attack. Because of the wide mix in technologies used today, the crowd can cover extended ground by augmenting traditional security teams, increasing the ability to identify and remediate flaws that would have been missed by smaller, resource-strapped teams.

For example, Personal Capital, a hybrid digital wealth management company, needed a way to streamline its data analysis as it worked to identify weaknesses. At the time, the organization would run a scan and send the results to engineering with little visibility on the quality of results or instructions on how to remediate. This led to the organization wasting valuable time and resources analyzing bad data.

By launching a managed vulnerability disclosure program through a partner, Personal Capital saw immediate results in the quality of vulnerability findings it discovered, and was able to integrate crowdsourced security into an ongoing and holistic security program using the most innovative technology and creative thinking available.

Western Union offers another example of how a crowdsourced approach can take a financial organization’s security strategy to the next level. Western Union began with a private, invite-only bug bounty program and scaled the company’s bug bounty program over time, becoming one of the first organizations in the financial sector to launch a public bug bounty program. Through a managed bug bounty program, Western Union’s security and development teams have been able to focus on the findings themselves, as well as other projects, while skilled researchers crowdsource information and identify valid vulnerabilities.

I remember the CISO of a major financial institution saying to me that he knew his organization would be breached one day but he wanted to be known as the person who tried various layers of security to increase the cost of attack, while minimizing the gains of such an attack. In his mind, crowdsourcing gave him that extra advantage.

Crowdsourced security is gaining traction

The global crowdsourced security market is expected to grow to $135 million by 2024, as enterprises are understanding that leaning on the public to identify vulnerabilities and threats can provide a comprehensive defense posture. Crowdsourced security also lowers security costs and operational overhead. There is no agent software on applications or clients, and no software instrumentation to support. There are no network devices or virtual appliances to install and manage. Ultimately, crowdsourced security is designed to minimize IT hassle and additional systems configurations while acting as an additional arm for your security division.

Banks are responsible for safeguarding sensitive financial information and assets, making them a top-of-the-list target for threat actors. By leveraging public, crowdsourced security to implement VDPs and pentesting, financial services organizations can significantly reduce their risk.

Ashish Gupta is CEO and president of Bugcrowd.
