According to a 2017 survey of financial services institutions, only 42 percent of respondents consider their organization effective or very effective at managing cybersecurity risks. Comparatively, 80 percent considered their organization effective or very effective in managing more traditional risk types, including liquidity, underwriting, and credit.
Indeed, cybersecurity is the new frontier in risk management. Yet, as financial service organizations continue to digitize operations and adopt new technology, financial services IT faces the daunting task of managing complex – and often unknown – cybersecurity risks. In this article, we will explore three emerging fintech trends and what these will mean for financial services IT and their cybersecurity strategy.
Blockchain & Banking
Blockchain technology is most notoriously associated with cryptocurrencies such as Bitcoin. The blockchain is a public ledger that records digital transactions. And while blockchain facilitates Bitcoin and other cryptocurrencies, its technology also lends itself to more traditional financial organizations and enables them to record transactions, protect customers’ identifiable information, decentralize cross-organizational processes, and increase transparency in their work.
In 2019, the global blockchain market is expected to grow 61 percent from 2018, and by 2021 the market will have increased by 321 percent from 2018. With this surge, blockchain will overhaul more traditional transaction cadences in the financial services industry. For example, well-known companies, such as Venmo and PayPal, utilize blockchain technology.
While blockchain’s incentivizing value props, such as confidential and decentralized transactions, boast benefits to consumers and organizations alike, they also pose security risks. For example, the confidentiality in transactions makes cybercrime untraceable and autonomous, and decentralized transactions also make them irreversible.
As these and other platforms continue to adopt blockchain, the cybersecurity risks associated with blockchain’s digital transactions intensify, which demands financial services IT understand the inherent risks and implement necessary cybersecurity measures.
Artificial Intelligence & Conversational Banking
Conversational banking capitalizes on voice and text technology. Thanks to machine learning and artificial intelligence, financial services organizations are increasingly embracing technology like chatbots and voice assistants to deliver personalized and round-the-clock banking and wealth management services. In fact, 13 percent of respondents to an Adobe survey cited using voice assistants to help manage their finances.
Inquire with a chatbot about a home loan or ask Amazon’s Alexa how much money is in an account balance.
These interface changes raise additional security concerns for financial services, as they move from the traditional authentication mechanisms and perimeter defense to an identity issue. How does an institution know that the person they are chatting with or listening to is really the person authorized?
That said, advances in voice and text technology also fuel cybersecurity risks including adversarial machine learning and artificial intelligence. For example, a user’s voice can be recorded and then manipulated to request other commands, which is—for obvious reasons—a major issue when it comes to financial services and preventing adversaries from gaining access to people’s accounts and data. Text technology, like chatbots, is also susceptible to similar adversarial attacks.
Fintech Software & Cloud Computing
As with the technology detailed above, the majority of tech trends are facilitated through fintech software hosted in the cloud. Moreover, even if a financial services organization is not directly hosting workloads in the cloud, the technology it uses to facilitate its operations likely is. This makes it imperative that financial services IT understand the nuances of cloud security and formulate a risk management strategy aligned with this.
So, What Are the Fintech Cybersecurity Risks?
Fintech trends present financial services organizations with a vast array of opportunities to redesign how they connect and engage with customers. That said, financial services IT also needs to be acutely aware of the risks inherent in new technology and adequately create and implement strategies to overcome these fintech cybersecurity risks. Fintech cybersecurity risks span three categories: people, process, and technology.
The gravest threat to cybersecurity is derived from consumers, or the end users, who are interacting with your organization via fintech – particularly those who do not follow security best practices. For example, the top five passwords most used include ‘password’ and variations of numbers ordered numerically (e.g., 12345, 123456, 1234568), and Pew Center research found that 28 percent of smartphone users have no screen lock on their phones.
Additionally, financial services organizations are beholden to the security practices of their vendors. In some cases, vendors may not properly encrypt data on their platforms, maintain secure networks, or educate their own employees on security best practices. Security is a shared responsibility, and it is imperative that financial services IT institute a vendor risk management strategy that includes an audit of vendors security practices and a shared agreement between vendors and the organization on how they will manage security risks end-to-end.
Finally, the fintech itself must also provide secure applications to curb cybersecurity risks. Identity is the new perimeter of an organization’s network, so applications must support validated and non-repudiated ways to identify users. Secure applications include multi-factor authentication, biometrics, password requirements, inactive session termination, and account lock. Cybersecurity measures of these nature help to offset risks posed by end users. Keep in mind that advances in technology for account access do not always correlate to enhanced security. As an example, a recent study found that most face recognition locks were easily overcome with a 3d printed head.
Emerging fintech cultivates customer engagement and modernizes financial processes. But to unlock (pun intended) these benefits, organizations will need to overhaul their security strategy to capitalize on fintech without making the organization – and the people it serves – vulnerable to cyberattacks. Moreover, financial services IT must ensure that their policies and practices reflect the variability in end-user security awareness, vendor security standards, and fintech interface security.