Said Tabet, Business Lead, IoT Strategy & Principal Manager, Global Innovation & Portfolio Intelligence, Dell EMC
The artificial intelligence (AI) market is predicted to be worth a staggering £12.8bn ($16bn) by 2022 according to MarketsandMarkets, while Machina Research forecasts the total number of Internet of Things (IoT) connections is set to grow from six billion in 2015 to 27 billion in 2025.
The financial services sector is likely to contribute heavily to these markets; AI could be used by insurers to fight fraud, banks could use chatbots to improve customer experience, and in accounting AI could be used to audit expenses. While IoT will enable financial services firms to collate a larger volume of data – including many data sources that have never been used before. Again, the examples are numerous; connected devices can help insurers to create a better understanding of a customer’s risk profile, enabling it to mitigate any financial risks as well as providing a more personalised offering for the customer.
But these new powerful technology tools should be armed with a warning sign – there are risks that go hand in hand with the benefits companies are looking to exploit, most pertinently the threat of a cyber-attack.
Simultaneous shift to digital is increasing scope of target
As financial services companies are digitally transforming, they’re being exposed to new types of risks and challenges. One of the biggest challenges is being able to change people, processes and technology while remaining secure against the threat of a cyber-attack.
And this threat is very real; 75 attacks against financial services firms were reported to the FCA between January and September 2016, compared to just five during the whole of 2014. And the likeliness is this is just the tip of the iceberg as most attempted cyber-attacks are never reported. Cyber-attacks are on the rise and it certainly isn’t going to subside anytime soon.
Fighting fire with fire
One bonus for organisations that are ready to benefit from AI and IoT is that the right hardware and infrastructure is likely to be in place to also exploit other technologies, one of which is machine learning.
There are machine learning technologies that can detect anomalies within a firm’s network and notify the organisation to take action. Others go a step further and aim to automatically mitigate potential risks. The system ‘learns’ what a company’s network, data and logs are meant to look like – if there’s something suspicious, it alerts a human analyst. The analyst can then tag it as a legitimate threat, and overtime the system will become more sophisticated as it would understand the difference between a harmless anomaly and an attempted breach of security.
But while technologies such as machine learning are sophisticated, IoT isn’t quite there yet. Firstly, it increases the attack surface of a company – the more devices and points of entry to a network that a hacker has, the more possibilities they have to break in.
Secondly, there have been numerous stories about how IoT devices have been breached, and unfortunately it is a trend that is likely to exacerbate in the coming years, at least until there are official standards put into place that all companies adhere to. Currently, there are still numerous standards bodies that are attempting to fix this – but there needs to be more collaboration in this space.
It’s not just about the tech
Financial services firms should be wary of only concentrating on the technology involved to mitigate cyber attacks. A huge part of keeping secure is down to the processes and people in place. If there aren’t clear processes in place, then employees may not know how to react even if a threat has been detected, and if awareness isn’t raised for all employees within the organisation – not just within IT – about the risks of cyber attacks, then the likeliness is that one of them could leave the door open for a hacker to successfully infiltrate the network. This could still be as simple as an employee falling for a phishing scam via e-mail.
The FCA has said it is looking for a security culture in firms of all sizes running throughout the organisation – from CEO and the rest of the board right down to every employee. It suggests that the key is a combination of good governance, identification and protection of key assets.
Detection – like the machine learning technologies mentioned, as well as response and recovery methods in case of an attack are essential. The final element the FCA has asked of financial services firms is the element of information sharing – not just with the FCA, but with each other. Firms have to better collaborate to help thwart cyber –attacks.
Cyber security a conundrum unlikely to disappear, but financial services firms, technology companies and standards bodies can all contribute to ensure that it remains as only a ‘threat’ rather than a successful attack. With new technologies coming to the fore, it’s more essential than ever that organisations protect themselves and their customers as they explore new opportunities.