The financial industry’s increasing dependence on advanced technologies has two major implications. First, the financial companies that adopt these technologies are able to leverage new and improved services, solve legacy issues and introduce competitive differentiation as a result. Second, the increased complexity of these systems creates more potential weak spots for cybercriminals to exploit. It also drives up the cost required to adequately research, develop and deliver these advanced technologies and services to customers.

Managing these intricacies and associated risks is the key to improving the state of security in banking. A security leader’s main priority is to keep attackers from gaining entry to the organization’s IT ecosystem and wreaking havoc. With any breach, the potential for loss of data, trust and revenue is high, and it can dent overall reputation as well.

The regulatory bodies charged with keeping the industry secure are essential to prevent potentially unsafe expansion or activity. However, regulators are often unable to move fast enough when it comes to data protection.

Compliance Does Not Equal Security

While regulatory compliance is important, a compliant system is not necessarily a secure system. Those in charge of securing financial organizations should work with industry peers and IT partners to identify threats and establish holistic, risk-based approaches to dealing with them.

It’s also important to recognize the tension between the technical and business sides of the organization. Consider which tools must be implemented to address risk and comply with regulations in the context of the IT budget. All sides must be sensitive to each other’s concerns.

Keep Your Ear to the Ground

Computers and security systems have been developed to recognize, detect and prevent viruses, malware and other harmful pieces of software. While these systems are incredibly accurate, they are no longer enough. Security teams need more advanced systems that can learn to recognize patterns in data and identify subtle changes in attack code designed to evade traditional monitoring systems.

Banking organizations should ensure they have advanced analytical and interpretive powers overseeing all relevant data security events. These efforts will help detect and prioritize the threats that pose the greatest risk to the industry and specific organization, allowing security personnel to take effective action and identify the items that need immediate attention. This can be achieved either through in-house security technology deployment or by contracting a third party to manage the security monitoring for the business.

Get Your Head in the Cloud

Many leaders in the traditionally risk-averse finance industry are wary of the risks associated with cloud adoption. However, there is no reason why cloud should be any less secure than an on-premises data hub. It all depends on the organization’s security policies and regulatory requirements, and how these can be mapped to the cloud environment.

Cloud adoption can drive agility and reduce costs for banking institutions. It can also help improve protocols for security in banking. As threats in this area continue to escalate, a single bank can only see what happens inside its own network. But it can strengthen its defensive posture by collaborating with other banks, regulators and government agencies to understand the full threat picture.

Banks can also enable the exchange of relevant threat information and speed up defense capabilities by partnering with dedicated security services. A partner overseeing threats across the globe can, for example, warn a bank in Germany of an attack unfolding in Korea. This allows the German bank to get a jump on defensive preparations before attackers have a chance to strike.

The Future of Security in Banking

The future of security in banking lies in the development and adoption of advanced cognitive security functions. These systems can harness not just data, but also meaning, knowledge, process flows and progression of activity at a lightning-fast speed. Cognitive security can put banks ahead of threat actors in terms of speed, collaboration and access to data structures.

Cognitive technology enables security analysts to collect information rapidly and provides the support they need to thwart attacks before the damage is done. But shifting the balance of power requires a shift in the overall approach to security in banking. Banks must ensure their systems are more than compliant, become comfortable with cloud technologies and implement cognitive computing to keep up with the evolving threat landscape. The industry is not entirely there yet, but it’s facing the right direction.

For more on the state of security in banking, watch this IBM Masterclass video interview I did with The Banker, “Cybersecurity Beyond Compliance.”

More from Artificial Intelligence

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read

Can Large Language Models Boost Your Security Posture?

4 min read - The threat landscape is expanding, and regulatory requirements are multiplying. For the enterprise, the challenges just to keep up are only mounting. In addition, there’s the cybersecurity skills gap. According to the (ISC)2 2022 Cybersecurity Workforce Study, the global cybersecurity workforce gap has increased by 26.2%, which means 3.4 million more workers are needed to help protect data and prevent threats. Leveraging AI-based tools is unquestionably necessary for modern organizations. But how far can tools like ChatGPT take us with…

4 min read

Why Robot Vacuums Have Cameras (and What to Know About Them)

4 min read - Robot vacuum cleaner products are by far the largest category of consumer robots. They roll around on floors, hoovering up dust and dirt so we don’t have to, all while avoiding obstacles. The industry leader, iRobot, has been cleaning up the robot vacuum market for two decades. Over this time, the company has steadily gained fans and a sterling reputation, including around security and privacy. And then, something shocking happened. Someone posted on Facebook a picture of a woman sitting…

4 min read