This has been a difficult transition for many large, established financial institutions. Many banks still rely on legacy IT infrastructure, such as mainframes and dedicated datacenters, and are hindered by strict regulatory standards that make it difficult and risky to open up their networks.
This transition has been brought on and supported by an explosion in fintech companies and solutions that have had an immense disruptive impact. While technology has long been a part of finance back-office functions, fintech startups have made this technology consumer-facing, using both IoT connected devices and APIs to revolutionize how people interact with their money and their banks.
Fintech companies have been able to innovate at a rapid pace, as they are not bound by legacy IT or, especially, extreme governance. This has allowed them to churn out new products and updates at an increased rate that regulatory bodies have struggled to keep up with. However, as fintech becomes more ingrained in consumers’ everyday lives, accessing and storing the sensitive personal data that cybercriminals covet is an increasing challenge, and regulatory crackdowns are inevitable. As a case in point, the EU is enacting sweeping regulations to secure the personal data of consumers, with GDPR taking effect in May 2018.
It has become clear that moving forward, established financial institutions and new fintech firms will need to collaborate in order to continue driving innovation and meeting consumer needs while simultaneously satisfying new regulatory requirements. The success of each set of organizations is dependent on the other. In fact, data shows that three-quarters of large financial firms recognize the importance of collaboration with fintech.
For established firms, such partnerships will allow for faster innovation that keeps pace with consumer demands, while the value for smaller fintech firms will come from the revenue, scale, and credibility banks provide. One key challenge impacting these partnerships, and potentially slowing down the rate of progress needed to remain competitive, however, is cybersecurity.
While the majority of banks see these partnerships as necessary, 71 percent are also concerned with the cyber risks associated with fintech firms, while 48 percent cite regulatory risks as a deterrent. This is in part because younger fintech companies typically have fewer human and capital resources to spend on security, let alone to address other regulatory requirements. More specifically, these security concerns especially surround application security and cloud use, which are the most important development inflection points that the market is demanding.
To remain competitive as consumers increasingly demand personalized and on-demand capabilities, banks and fintech need to find a way forward that allows for technical innovation and performance without compromising security. To address these concerns, banks and fintech organizations should focus on the following key security areas:
Consumerization of finance means the increased usage of applications. Fintech largely relies on applications that can access users’ financial profiles to perform a variety of real-time transactions. Additionally, finance has been an early adopter of DevOps and agile development, with 87 percent of firms affirming their reliance on DevOps as a continuous release model that enables them to meet consumer demands for updated features and improved user experience. But this approach can also leave room for vulnerabilities. Applications are an increasingly common attack vector, and vulnerable code can be exploited as an entryway into financial networks. To this end, banks and fintech have to ensure that a robust application security infrastructure designed to protect user data is in place. This should include things like a web application firewall enabled with current threat intelligence to identify and mitigate known and unknown threats, as well as detect and patch vulnerabilities.
Effective digital innovation also makes ample use of cloud computing and storage. Many fintech companies utilize cloud services to provide consistent, scalable performance with lower upfront costs. However, the cloud must be secured differently than a traditional network or data center, and disparate point solutions often amplify data movement while reducing visibility across these distributed environments. As a result, if financial data is going to be stored in the cloud, banks and fintech firms must ensure that the same security standards they apply to their own networks are applied in the cloud. In addition to detection and prevention, this security must also be dynamically adaptable and scalable to ensure that it can grow seamlessly alongside cloud use. Additionally, to secure financial data, firms need to implement internal segmentation, along with cloud access security brokers, to improve data visibility while integrating industry security standards.
Automated Threat Intelligence
Such integrated defenses also need to be enabled with automated threat intelligence built into them as a holistic system. As security devices monitor the network, they naturally collect data on at-risk devices, known attacks, common attack trends, and more. To be effective, this information needs to be dynamically shared and correlated across all security instances. As banks and fintech firms enter into partnerships, it will be impossible for IT teams to manually gather and assess all of this threat intelligence in a manner that allows them to respond to risk in a timely or meaningful manner. Machine learning will be integral to this process. Cybercriminals are already leveraging automation to make attacks more effective and persistent. Likewise, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real time, allowing organizations to keep pace with cybercriminals.
Furthermore, the threat intelligence gathered not only needs to be available to each tool deployed across the network, but must also be provided in a form that can be easily consumed and leveraged. An abundance of raw threat data from disparate solutions can actually decrease visibility, and therefore security, especially in those partnerships where multiple teams and systems are involved. This is why banks and fintech organizations should seek to integrate traditionally isolated security solutions together using a common security fabric approach that allows for instant and dynamic communication and collaboration within the security architecture.
Large financial institutions and smaller fintech companies each require elements the other can provide in order to successfully meet growing consumer demands for greater access to and management of their finances. As a result, the lack of consistent fintech cybersecurity will be a hindrance for both. As these two sides of the financial services space increasingly partner up, then, cybersecurity – especially application security, cloud security, and automation – will have to become top concerns to maintain data protection and meet compliance requirements while responding to the shifting demands of the marketplace.