The Guardian has reported that consumer group, Which?, says five of the UK’s biggest banks and building societies consistently scored poorly in its security test, including Lloyds and Santander.
Commenting on this, Mike Ahmadi, Global Director – Critical Systems Security at Synopsys, said: “The world of security issues that can be enumerated represents the results of an infinite space problem. Systems are designed and deployed with specific functional requirements, or use cases. Most cybersecurity issues represent non-functional issues, or misuse cases. As it turns out, there are an infinite number of ways to misuse a system, and that makes cybersecurity a very challenging problem to solve. Organisations need to deploy automated testing tools in order to quickly enumerate vulnerabilities and “shrink” the infinite space of issues down to a manageable size of the most common or likely issues, so security teams and developers can better prioritise what needs to be addressed.”
(109)
