Cybersecurity retained its top spot as the primary concern for banks, FinTech companies and other financial service institutions in 2017. And for good reason. As per the IBM Cyber Security Intelligence index, over 60% of all security events in 2016 happened in just a single industry – financial services.
These attacks are not only targeted at individual account holders but even the institutions themselves. Major data breaches at various companies is making matter worse. An estimated 4 billion records were comprised in 2016 and 2017 witnessed major breaches like the ones at Dun & Bradstreet (33 million corporate contacts), Equifax (143 million customers), Uber (53 million customers and drivers) and dozens of others. Attackers can potentially use the information gained from these breaches as a starting point to launch a cyber-attack.
However, the industry is pushing back. Over 85% of all financial institutions are planning to increase their cybersecurity budgets to face the challenges in the coming years. Armed with the latest in AI, cryptography, and technology, a counter assault is underway. Next, we explore the top 10 trends in financial cybersecurity for 2018.
1. Artificial Intelligence and Machine Learning
A number of FinTech tools have been designed specifically to use AI technologies to detect fraud, identity theft or tract suspicions usage of a credit card or bank account in real time. The system uses behavioural science, cybersecurity principles and its own previous experience (Machine Learning for the win!) to determine if any particular transaction is genuine or not. As more and more of the global transaction volume moves to a fully digital platform, the need for faster and smarter AI based fraud detection is skyrocketing.
Blockchains are meant to be secure by design. Perhaps the most important aspect of Blockchains is that they provide transactional level integrity – which means that transactions cannot be modified, repudiated or destroyed. In addition, there is also the added benefit of not having a single point of failure in a blockchain due it’s decentralized and distributed nature. Finally, confidentiality might also play a big role in protecting potential targets from becoming identified in the first place.
There are more than half a billion customers currently using Biometrics for identification and authentication of financial transactions. By 2020, it is expected to become the primary identification method for financial transactions. Biometric tools not only offer an amazing level of security due to the uniqueness of certain human biological features, they also are the easiest to use. Why bother remembering hundreds of unique passwords when you can just be authenticated by saying a few words or smiling into the camera?
Note: AFIS stands for Automated Fingerprint Identification System
4. Electronic identification and authentication
Signing and verifying documents digitally is more than just a technological challenge – it’s also a legal one. Which is why many countries are coming up with revised regulations on fully digital documents, including all types of legal contracts. In the EU, the eIDAS regulation standardizes electronic identification and electronic signatures across all 28-member states. In the US, something similar is covered by the ESIGN and UETA Acts.
A key defense against cyber attacks is ensuring that the attackers are never in a position to decrypt sensitive data and use it in a malicious way. Cryptography combines the disciplines of mathematics and information technology in order to create secure digital pathways. Security providers are enhancing or creating entirely new cryptographic mechanisms to protect the most vulnerable components of a financial transaction.
6. Cloud security
Even though more than 70% of the largest financial institutions are embracing the cloud – the single biggest concern is still security. The problem is not just account hijacking or data interception, but also complying with certain regulatory requirements which require banks to transfer or save all communication in a specific way. Overcoming these hurdles has become a sort of holy grail and several large tech giants are jumping into the fray. In fact, there is now even a Professional Certification in Cloud Security
7. Open Banking
Imagine if the front-end of your bank account was your favourite social media app and you could transfer money to any person or entity right there and then. That is just one of the potential ways in which open banking can be used to revolutionize finance. It allows other companies to partner with banks and connect with them using APIs to offer banking services. The key challenge is again around security and ensuring that the interface is ironclad, and that all transactions are secure.
8. Government regulation
Certain governments are more active than others while dealing with the new types of threats in the digital environment. The European Commission has been pushing out directives and guidelines to protect everything including information networks, citizen privacy while still providing for appropriate use of public data and ensuring transparency. The guidelines are formulated after a public discourse where experts and normal citizens can share their views.
9. Financial/ technical education
The rapid proliferation of Fintech apps has meant greater availability of financial tools to millions. However, it has also increased the prevalence of fraud, identity theft, and other financial crime. New users who aren’t too familiar with how IT technologies work are especially at risk. This is led to the rise of a new sub-segment in the industry – providing financial education about how financial products work and how to use them safely.
10. Cyber Threat Intelligence
The harsh truth is that digital threats are evolving just as fast as cybersecurity tools are. Cyber Threat Intelligence is the catch-all phrase used to define the collection and sharing of intelligence, information, patterns of attacks and potential vulnerabilities between organizations, law enforcement agencies, and even nation-states. With cyber-attacks increasing in frequency as well as lethality, a coordinated response might go a long way in minimizing the damage.