The financial industry’s increasing dependence on advanced technologies has two major implications. First, the financial companies that adopt these technologies are able to leverage new and improved services, solve legacy issues and introduce competitive differentiation as a result. Second, the increased complexity of these systems creates more potential weak spots for cybercriminals to exploit. It also drives up the cost required to adequately research, develop and deliver these advanced technologies and services to customers.
Managing these intricacies and associated risks is the key to improving the state of security in banking. A security leader’s main priority is to keep attackers from gaining entry to the organization’s IT ecosystem and wreaking havoc. With any breach, the potential for loss of data, trust and revenue is high, and it can dent overall reputation as well.
The regulatory bodies charged with keeping the industry secure are essential to prevent potentially unsafe expansion or activity. However, regulators are often unable to move fast enough when it comes to data protection.
Compliance Does Not Equal Security
While regulatory compliance is important, a compliant system is not necessarily a secure system. Those in charge of securing financial organizations should work with industry peers and IT partners to identify threats and establish holistic, risk-based approaches to dealing with them.
It’s also important to recognize the tension between the technical and business sides of the organization. Consider which tools must be implemented to address risk and comply with regulations in the context of the IT budget. All sides must be sensitive to each other’s concerns.
Keep Your Ear to the Ground
Computers and security systems have been developed to recognize, detect and prevent viruses, malware and other harmful pieces of software. While these systems are incredibly accurate, they are no longer enough. Security teams need more advanced systems that can learn to recognize patterns in data and identify subtle changes in attack code designed to evade traditional monitoring systems.
Banking organizations should ensure they have advanced analytical and interpretive powers overseeing all relevant data security events. These efforts will help detect and prioritize the threats that pose the greatest risk to the industry and specific organization, allowing security personnel to take effective action and identify the items that need immediate attention. This can be achieved either through in-house security technology deployment or by contracting a third party to manage the security monitoring for the business.
Get Your Head in the Cloud
Many leaders in the traditionally risk-averse finance industry are wary of the risks associated with cloud adoption. However, there is no reason why cloud should be any less secure than an on-premises data hub. It all depends on the organization’s security policies and regulatory requirements, and how these can be mapped to the cloud environment.
Cloud adoption can drive agility and reduce costs for banking institutions. It can also help improve protocols for security in banking. As threats in this area continue to escalate, a single bank can only see what happens inside its own network. But it can strengthen its defensive posture by collaborating with other banks, regulators and government agencies to understand the full threat picture.
Banks can also enable the exchange of relevant threat information and speed up defense capabilities by partnering with dedicated security services. A partner overseeing threats across the globe can, for example, warn a bank in Germany of an attack unfolding in Korea. This allows the German bank to get a jump on defensive preparations before attackers have a chance to strike.
The Future of Security in Banking
The future of security in banking lies in the development and adoption of advanced cognitive security functions. These systems can harness not just data, but also meaning, knowledge, process flows and progression of activity at a lightning-fast speed. Cognitive security can put banks ahead of threat actors in terms of speed, collaboration and access to data structures.
Cognitive technology enables security analysts to collect information rapidly and provides the support they need to thwart attacks before the damage is done. But shifting the balance of power requires a shift in the overall approach to security in banking. Banks must ensure their systems are more than compliant, become comfortable with cloud technologies and implement cognitive computing to keep up with the evolving threat landscape. The industry is not entirely there yet, but it’s facing the right direction.
For more on the state of security in banking, watch this IBM Masterclass video interview I did with The Banker, “Cybersecurity Beyond Compliance.”
Vice President, IBM Security, Europe
Julian Meyrick is Vice President for IBM Security Europe, the fastest-growing enterprise IT security company in the world. In his leadership role, Julian hel...