
Securing the Digital Future: AppSec Best Practices in Digital Banking


January 6, 2025


On November 12th, 2024, at the Pavilion Hotel in Kuala Lumpur, Snyk’s Field CTO, Pas Apicella, delivered an insightful presentation at the Digital Banking Asia Summit 2024 in Malaysia. Titled ‘Securing the Digital Future: Best Practices for Application Security in Digital Banking’, his talk focused on actionable strategies to address pressing challenges in the financial services industry.

In his presentation, Pas Apicella highlighted three key areas:

  1. Top Challenges in Application Security

  2. Key Challenges for Developers and Security Teams

  3. Leadership Considerations and Defining Success in Application Security


Below is a summary of the key takeaways from his talk.

Top Challenges in Application Security

Financial services institutions (FSIs), including banks and insurers, face unique challenges in ensuring application security. Pas Apicella outlined the following key obstacles:

  • Regulatory Compliance: Adhering to strict regulations is a fundamental requirement in the financial sector.

  • Third-party Integration: As FSIs integrate with external systems, maintaining security becomes more complex.

  • Sophisticated Attackers: The financial sector is frequently targeted by highly skilled attackers aiming for sensitive data.

  • Complexity of Applications: Large FSIs often deal with intricate application architectures, increasing security risks.

  • Legacy Systems: Outdated infrastructure in many financial organizations creates vulnerabilities and hinders modernization efforts.

  • Resource Limitations: Security teams are often vastly outnumbered, with as few as one security professional per 3,000+ developers.

  • Insider Threats: The risk of malicious or accidental actions by internal staff remains a significant concern.

  • Release Velocity and Secure Customer Experience: Balancing rapid development cycles with robust security is critical for competitiveness.

Key Challenges for Developers and Security Teams

Collaboration between developers and security teams is vital, but it often falls short for reasons that create disconnects and inefficiencies. One major issue is the lack of shared context: security teams frequently have little visibility into what developers are building, which leads to misalignment.

Compounding this is the absence of business and technical context about the affected systems, which complicates risk prioritization. Without it, teams are left uncertain about the business impact of a vulnerability, for example whether it sits in a public-facing application or in an internal system.

This challenge becomes even more acute in large banks, where the sheer volume of findings, often numbering in the hundreds of thousands, demands a focused approach to identifying and addressing the most pressing risks first.

Top Considerations for Leadership


Pas Apicella highlighted distinct priorities for CTOs and CISOs, emphasizing their complementary focus areas. For CTOs, priorities center on automation, developer productivity, and ease of use, ensuring engineering teams can seamlessly adopt security tools. Meanwhile, CISOs prioritize compliance, detailed reporting, and real-time visibility into the organization’s risk posture, which are critical for maintaining robust governance. 

Defining Success in Application Security

Achieving success in application security requires a clear strategy and the right tools. Pas Apicella defined five pillars of success:

  1. Developer Adoption: Security tools must be developer-friendly and fully integrated into their workflows.

  2. Security Trust: Organizations must rely on up-to-date and dependable security data.

  3. Delivering Fixes: Tools should provide actionable remediation guidance to ensure vulnerabilities are addressed effectively.

  4. Comprehensive Platform: Unified tools for reporting, analytics, and policy automation reduce complexity and increase efficiency.

  5. Partner Ecosystem: A robust network of technology partners helps organizations mitigate risk across all areas of security.

Watch the Full Presentation On-Demand


Watch Pas Apicella’s full presentation here.

Contact us to learn more about how Snyk supports financial services organizations, discuss your specific needs, and explore tailored solutions.

Stay tuned for more insights on how Snyk is helping the financial services industry secure the digital future!
