Financial services need to become data fortresses: robust and secure

By Stuart Reed, VP of Products, Nominet

Like many industries, finance is well aware of the need to maximise the returns presented by digital.  However, financial institutions are tackling digital transformation at a pace and scale not common across other sectors. The question is, is this at the expense of security?

To explore this, Nominet recently commissioned a survey of CISOs, CTOs and CIOs at financial services providers across the UK and US, looking at the intersection of digital transformation and cyber security. It sought to explore how banks can manage third party risk, innovate, and meet evolving customer expectations while mitigating their exposure to cyber-attacks.

An appetite not to be left behind

Traditional banks have become increasingly vulnerable, juggling a myriad of challenges. Often they are having to reinvent themselves and come up with new and innovative ways to ride the wave of disruption. Mobile technologies, cloud platforms, and big data are just some examples of next generation technologies bolstering the capability of financial services institutions to improve cost efficiencies and remain relevant in today’s digital age.

Customer banking habits have shifted to expect an “always on” and “always connected” experience, and banks are aligning their services with these expectations.  According to the report, around half (49%) were implementing digital transformation programmes to keep pace with evolving customer behaviours and preferences.

But, while digital transformation might be seen as the answer to securing a bank’s future, the evolving cyber landscape means that many may be compromising themselves in the hunt to become more innovative.

Financial services institutions are in a constant battle to arm themselves against the threat of attackers trying to breach their networks and siphon off high-value data. With the majority of customers managing their finance online 24/7, a bank’s IT network is a treasure trove, hugely attractive to cyber-criminals.

Awareness of this is not lacking. In Nominet’s survey, many were mindful of the risk exposure such digital programmes could bring to their business, with about half (48%) claiming a threat to cyber security was the single biggest risk posed by their implementation. Over half of respondents (53%) were equally, if not more, concerned about the increased attack surface presented by digital transformation, which now extends beyond the four walls of a bank branch. The majority (64%) are also worried about the exposure of customer data.

A complex environment of incidents and regulation

Incidents match this increased concern. In the last year in the UK, financial services firms reported a 1000 percent increase in incidents to the Financial Conduct Authority (FCA).[i] According to the FCA, 21 percent of these were triggered by third-party failure, 19 percent from hardware or software issues, and 18 percent were caused by a change in management.[ii]

The regulatory burden is also growing for financial services firms.  On the other side of the Atlantic, many regulators believe that hackers now pose the greatest risk to the US financial system. In response, they have considered pooling resources to assess the cyber defences of America’s top banks.

In the UK, GDPR has drastically increased potential penalties on companies found to mismanage customer data. 47 percent of respondents cited compliance with new regulations as a driver for digital transformation to modernise their processes and operations.

A matter of timing

The reality is that, despite the rise in UK financial services firms falling prey to cyber breaches, businesses are failing to build security into digital transformation initiatives from the outset. Only around two in five admitted considering security, with one in five leaving it to either the pre-implementation or implementation stages. Worryingly, one in ten admitted to putting it off until their transformation was actually underway, and a handful confessed to giving cyber security no thought at all.

The majority of financial institutions are now opting to outsource essential back-office processes to simplify and streamline operations. 82 percent of financial services providers outsourced their digital transformation efforts, for example. But, while using third-party vendors boosts in-house capabilities and adds value in terms of domain knowledge and technical expertise, it also heightens the exposure to risk. It doesn’t matter if a third party is to blame for the misuse of data; under GDPR the company itself is responsible for the data. It’s therefore important to strike a balance and look at the digital transformation strategy through a cyber security lens to mitigate the misuse of data or a breach in the network.

As banks become more forward-thinking and innovate for the future, they must also keep a watchful eye on the present.  Security teams need to be deeply embedded in all digital transformation initiatives from the very start.  It should not be a question of securing infrastructure once a project has gone live, rather building in security from the outset as part of the planning phase. Without this, digital transformation will always present as many risks as it does opportunities.

Control vs visibility

Furthermore, whilst embracing cloud-based models inevitably means relinquishing a level of control to a third party, it is essential to recognise that responsibility for the data still remains. As such, understanding where that data is, how it is accessed and who can access it, and ensuring interactions are both expected and legitimate, are crucial. Arguably, having visibility across the network (be it on premises, in the cloud or a mixture of both) is more important than ever before. The common denominator linking networks, regardless of complexity, is the Domain Name System (DNS). DNS-based traffic flows between networks in all organisations and therefore, if utilised as part of the security stack, can provide valuable information regarding malicious and suspicious behaviours, along with identifying data theft through DNS “tunnelling”. Having visibility and actionable intelligence at this layer provides the holistic view often missing at the network level and can help security teams reduce their digital attack surface and quickly respond to an identified breach before it causes harm.
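
A sketch of the DNS-layer visibility described above, as an added example that is not from the original article or from Nominet: it groups a constructed query log by client and parent domain and flags pairs that show many unique, long, high-entropy subdomains, a common heuristic for tunnelled data. The thresholds, the naive two-label parent-domain split, and every name and address in the sample are assumptions.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def _label(i):
    # Constructed stand-in for an encoded data chunk: 40 base32 characters.
    return base64.b32encode(hashlib.sha256(b"chunk%d" % i).digest()[:25]).decode().lower()

# Constructed sample log of (client_ip, queried_name); not real traffic.
SAMPLE_QUERIES = (
    [("10.0.0.5", f"{h}.bank.example") for h in ("www", "api", "login", "mail", "static", "img")]
    + [("10.0.0.7", "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8.assets.cdn.example")]
    + [("10.0.0.23", f"{_label(i)}.xfer.example") for i in range(6)]
)

def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def parent_domain(name):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(name.split(".")[-2:])

def find_tunnel_suspects(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Return (client, parent, unique_subdomains, avg_len, entropy) for suspect pairs."""
    subdomains = defaultdict(set)
    for client, name in queries:
        name = name.rstrip(".").lower()
        parent = parent_domain(name)
        sub = name[: -len(parent)].rstrip(".")
        if sub:
            subdomains[(client, parent)].add(sub)
    suspects = []
    for (client, parent), subs in sorted(subdomains.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        # Requiring all three signals keeps one-off long CDN names and
        # ordinary browsing of many short hostnames out of the result.
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            suspects.append((client, parent, len(subs), round(avg_len, 1), round(entropy, 2)))
    return suspects

if __name__ == "__main__":
    for row in find_tunnel_suspects(SAMPLE_QUERIES):
        print(row)
```

In practice the thresholds need tuning against a baseline of the organisation's own resolver logs, since some legitimate services also generate long machine-made hostnames.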