Since the advent of the internet and the subsequent digital revolution, the global financial landscape has changed significantly. As computers have grown in importance in how we conduct our daily activities, there has been a change across all sectors of financial institutions in how business is conducted.
These advances in technology have created new regulations and laws regarding financial activities, while simultaneously enabling criminal activities. A growing concern for banks is how to react efficiently to a multitude of cybersecurity concerns. From malicious hacking to vulnerabilities in existing infrastructures, the exposure of confidential data as well as the need to prevent criminal activities from taking place on their platforms, banks are faced with a wide variety of challenges.
This article will explore some of the major cybersecurity concerns facing banks today, and how they are implementing a diverse mixture of solutions to respond.
Know Your Customer (KYC)
“The Know Your Client form is a standard form in the investment industry that ensures investment advisors know detailed information about their clients' risk tolerance, investment knowledge, and financial position.”
This ethical requirement exists to help protect both investors and their clients with regard to the opening and maintaining of accounts. Particularly as banks seek to mitigate the risks associated with fraudulent activities, this is an important step in the process of preventing and responding to fraud. For banks, this process can be long and resource-consuming. As such, these processes are being automated, which cuts down the time and expense associated with the KYC process without losing the benefits that it can provide.
- Signicat: Pan-European provider of KYC, authentication and digital signatures.
Know Your Business (KYB)
While it is important to understand your customer, their behavior, risk tolerance, and financial position, it is equally important to understand what is going on in your own business. There are several technologies that have emerged to help managers track what is going on in their companies. This is key not only to mitigating fraud and embezzlement, but also to managing cybersecurity risks that come from within organizations. Some examples of this include identity access management (IAM) and data provenance.
“With IAM technologies, IT managers can control user access to critical information within their organizations. Identity and access management products offer role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise.” This essentially means that company managers can control who has access to important information within their organizations, in order to better manage cybersecurity risks coming from inside of the company.
On the other hand, “Data provenance is the documentation of where a piece of data comes from and the processes and methodology by which it was produced... Provenance trails can be captured internally by software tools during their processing activity.” Provenance is about creating trust, credibility and reproducibility within an organization through effective data management and records.
Money laundering, or the concealment of illegally obtained money, is a concern for banks partially due to compliance regulations but also because of risk considerations. To address money laundering within their financial institution, banks are turning to Regtechs that specialize in compliance to help track and prevent illegal activities.
- Apiax: Apiax transforms complex regulations into digital compliance rules, which are constantly up-to-date and verified, accessible via an API.
- Heliocor: Heliocor is building a global anti-fraud ecosystem to change the way the world does business; restoring trust.
In recent years, database hacks have gotten a lot of media coverage, as concerns about major breaches from large corporations have come to the forefront of public attention. These types of database hacks are not only a concern for financial institutions because of the sensitive data that gets exposed, but also because of the potentially harmful publicity that it can bring. There are a lot of different things that companies are doing to try and prevent these types of hacks from being successful. Some of the most important concepts out there today include data anonymization and security by design.
“Data anonymization seeks to protect private or sensitive data by deleting or encrypting personally identifiable information from a database.” When companies deal with sensitive information (e.g. in the healthcare or financial industries), they can choose to delete, encrypt, or generalize the personally identifiable information in the database in order to better protect it. This process makes the data unusable to hackers who would try to steal it. This information can usually later be de-anonymized or decoded if necessary, which brings into question how secure this process really is. However, it is definitely an important step in trying to prevent harmful database hacks.
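The three options above (delete, encrypt, generalize) applied to a small customer table, as an added example that is not from the original article. The records, the key and all function names are constructed for illustration, with a keyed hash (HMAC-SHA256) standing in for the "encrypt" step. The `relink` function shows why the result can be de-anonymized by whoever holds the key, and `smallest_group` shows how few customers share the same generalized attributes.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records; names and account numbers are made up.
RECORDS = [
    {"name": "Alice", "account": "XX00TEST0001", "birth_year": 1984, "postcode": "75011", "balance": 1520},
    {"name": "Bob", "account": "XX00TEST0002", "birth_year": 1987, "postcode": "75015", "balance": 310},
    {"name": "Carol", "account": "XX00TEST0003", "birth_year": 1981, "postcode": "75002", "balance": 9800},
    {"name": "Dan", "account": "XX00TEST0004", "birth_year": 1992, "postcode": "69003", "balance": 45},
    {"name": "Eve", "account": "XX00TEST0005", "birth_year": 1995, "postcode": "69007", "balance": 2210},
]

def pseudonymize(value, key):
    """Keyed pseudonym (HMAC-SHA256): stable for joins, re-linkable only with the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def anonymize(records, key):
    """Delete the name, pseudonymize the account, generalize birth year and postcode."""
    rows = []
    for r in records:
        rows.append({
            "customer_ref": pseudonymize(r["account"], key),
            "birth_decade": f"{r['birth_year'] // 10 * 10}s",
            "region": r["postcode"][:2] + "xxx",
            "balance": r["balance"],
        })
    return rows

def smallest_group(rows, quasi_ids=("birth_decade", "region")):
    """Size of the smallest set of rows sharing the same generalized attributes."""
    counts = Counter(tuple(row[q] for q in quasi_ids) for row in rows)
    return min(counts.values())

def relink(rows, account, key):
    """What the key holder can do: find the rows belonging to a known account."""
    ref = pseudonymize(account, key)
    return [row for row in rows if row["customer_ref"] == ref]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: a real key would live in a secrets store
    rows = anonymize(RECORDS, key)
    print(rows[0])
    print("smallest group:", smallest_group(rows))
    print("re-linked with key:", relink(rows, "XX00TEST0004", key))
    print("re-linked with wrong key:", relink(rows, "XX00TEST0004", b"other"))
```

A smallest group of 1 would mean some customer is still unique on decade and region alone, so the generalization would need to be coarser before the table is shared.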
Security by design is a software engineering concept that “means that the software has been both designed to be secure from the ground up and built in such a way as to minimize flaws that could compromise security.” This is a preventative measure that is extremely effective in addressing security concerns. As systems develop, it becomes more difficult to add security and address vulnerabilities. That is why it is so important to design systems from the outset with strong cybersecurity architecture. The key pillars of these designs include confidentiality, integrity and availability. Ensuring that software is equipped with adequate security principles from the beginning can save financial institutions a lot of heartache in the long run.
- Darktrace: Darktrace is an artificial intelligence company for cybersecurity.
- Yogosha: Bug reports are directly usable to correct an identified vulnerability and enhance cybersecurity.
The Internet of Things (IoT)
A rather new and interesting development in technology has been the explosion of the Internet of Things. This “network of ‘smart,’ sensor-enabled devices that can communicate and coordinate with one another via the Internet,” has transformed various industries like industrial supply chains and international trade.
Even though the economic impact of IoT is enormous (some estimate that by 2025 the impact could be between $3.9-$11.1 trillion worldwide), security concerns top the list of apprehension about this technology. “One of the major challenges for IoT security is the fact that security has not traditionally been considered in product design and manufacturing for connected appliances and objects.” This leaves the technology particularly vulnerable to attacks. While the potential for the Internet of Things to transform the world is absolutely there, until these products can effectively address security concerns, financial institutions should be hesitant to fully implement them. Certainly, some solutions exist to address lacking security infrastructure; however, security by design should also play a role in the creation of IoT products.
- Connax: Security and integrations with IoT applications.
As complex and varied as the cybersecurity concerns facing banks are today, so are the solutions that have emerged as a response. Digitization has changed the world as we know it. As new technologies continue to evolve and transform, cybersecurity risks grow and change with them. If financial institutions want to ensure that they are meeting their customers' needs and addressing their security concerns, they need to continue to take advantage of the solutions that exist out there, and proactively work to ensure that they are responding to risk appropriately.