Post-Pandemic Technology & Cyber Security Trends in Banking – Part 1
The banking sector is in the midst of a digital transformation that is causing its attack surface to grow, exposing organisations to increased levels of cyber threat activity. As more organisations adopt digital banking solutions, having effective cybersecurity programs has become more important than ever before for the banking industry. In this article we explore the post-pandemic technology and cyber security trends in banking.
Elasticito was recently approached by a financial services firm to provide some analysis on new technology and cyber trends within the banking and financial services industry. A summary of our findings make up this blog post, but one common theme that we observed was that, despite the pandemic, the unstoppable momentum of digital transformation is causing a huge impact in the way that banking services are and will be delivered to customers over the next 5 years. This equally brings considerable cyber security challenges to address as well.
Here are some of Elasticito’s observations and findings that might be of interest to others:
The first observation is that the pandemic has only accelerated a process of digital transformation that had already largely begun in the banking industry in most countries. Only now, we will begin to witness far greater change to the way that we bank and interface with our banks.
Digital Account Opening
There will be an accelerated shift to digital account opening, replacing the traditional dependency on physical in-branch account opening processes. The reliance on technology and automated processes will require greater oversight from a cyber risk perspective.
Greater Use of APIs
Digital banking for Millenials and Generation Z’s often equates to the need to add additional value adding products and services to the digital banking experience. In recent years, there has been an explosion in the use of digital integration via API connections where data is shared and interchanged between services. From an information security perspective, there are obviously questions that need to be raised about protecting API connections from compromise and a need for greater scrutiny of third party organisations who might have access to sensitive data. This will not only require cyber risk assessments, but possibly also, continuous cyber risk monitoring. Technical development teams will also come under greater scrutiny to ensure that they are following best practices in security and data protection.
Shift in Investments From Back/Middle Office to Front Office Processes
One change that might seem obvious to some, but will cause considerable change with some banking organisations, will be the shift in investments from middle and back office processes to front end processes. In plain English, this means that the interface that the customer interacts with (increasingly, the banking mobile application) will be the primary banking interface for most customers. Part of this will be a drive to increase more self-service features.
Greater Adoption of Cloud Services and AI
For obvious reasons, many banks were initially reluctant to embrace Cloud services. This was already beginning to change pre-2020, but will accelerate in the post-pandemic era with mass adoption of Cloud and AI based services. These will enable new ways of working and of delivering banking services with more automation, but will equally require greater oversight from a cyber risk and threat monitoring perspective.
Get Ready for Extreme Digital Transformation
Some banks are formulating plans for the next generation of digital transformation: extreme digital transformation. This is where, Michael Hammer-style, individual processes are identified and defined as not what can be digitised, but what processes will specifically require human input. In order to achieve this kind of automation, there will be an even greater reliance on third party technologies and service providers, which will in turn, require even greater monitoring of third party risk.
Mobile Banking Becomes King
In some countries, led by the United States, but with other countries following close behind, mobile banking is becoming the primary interface between the Bank and the customer. In a post-pandemic world, in-branch banking will continue to decline, but so too will online banking via web browsers. With such a reliance on mobile banking, this will undoubtedly be the new frontier for cyber criminals and security teams will need to closely monitor for fraudulent mobile apps.
How Can the Banking Sector Manage These Threats and More?
Banks are increasingly targeted by cybercriminals. This is because of the high value in financial data being stolen. As more banks create mobile banking applications, loopholes are introduced for cybercriminals to exploit. Banking apps can be the target of security vulnerabilities from both the client-side and server-side. As such, banks must ensure that secure data is kept safe while being used by customers and while stored on bank servers. As cybercriminals become more sophisticated, they will target your bank’s third-party vendors (software and equipment vendors). Third-party vendors have access to critical banking data but often lack stringent security policies. They’re a prime target for threat actors looking to steal information about financial institutions.
Banks continue to increase their use of third-party vendors. It is important for financial institutions to perform thorough due diligence on vendors’ security measures. Proper vetting can prevent financial institutions from having their reputations damaged and financial loss.
Taking the above into consideration, it’s no wonder that 87% of banking industry leaders say that their concerns about cybersecurity have risen over the past year. Banks and other financial institutions need a defensive arsenal that includes not only an effective cyber security program, but also an engaging, ongoing security awareness program that is always up to date.
In summary, the next five years will witness an enormous amount of change in the global banking industry, largely driven by technology and the shift towards digital and mobile transformation. This will present huge opportunities, but also considerable security challenges.
For more information regarding this topic, contact Elasticito here.