Long reads

What are the cybersecurity risks in an interconnected world?

Jamie Crawley

Jamie Crawley

Reporter , Finextra

Financial services companies have historically been amongst the best performing when it comes to matters of cybersecurity, given the importance attached to protecting and managing clients’ sensitive data. However, developments and innovations in the industry mean cyber challenges are consistently changing and financial institutions must stay ahead of the curve.

The financial world has become far more interconnected in recent years as companies harness the advantages of the cloud to power their data engines. This does however cause the cybersecurity picture to become rather more blurred and threatens to compromise the normally strong cyber defences that financial services companies boast.

This and other cybersecurity trends was explored in The Future of Cybersecurity: 2020 Predictions, published by Finextra Research.

With banks and other institutions seeking to broaden the array of functions that can be automated or expedited using machine learning and AI, they will increasingly look towards cloud providers to facilitate storage of the swells of data required for this.

This will however offer debate about banks and other companies metaphorically storing their car in someone else’s garage and whether this strengthens or compromises their security.

HSBC, for example, has moved its data to Google’s cloud, as it would be expected that the security would be superior to anything the bank can provide on its own.

Cloud providers such as Google, Amazon or Microsoft will spend significantly more on cyber and technology than a financial institution does, presumably making their defences harder to breach, though not impossible.

“2019 gave examples where cloud providers have suffered breaches or had weaknesses exposed,” says Steve Holt, partner at EY.

“Looking ahead, attackers will continue to really test cloud providers as they know how much more data they are hosting.”

Therefore, hackers looking to breach 20 different banks can target their attack on the cloud provider, rather than attempting to hack into the 20 banks one after another.

Nonetheless, the increasingly robust detection and protection mechanisms that a cloud provider will inevitably offer efficiency gains and services that will be of great benefit to financial institutions.

Dries Watteyne, head of SWIFT’s cyber fusion centre, says: “You need to be wary and work closely with providers, but if you accept the risk and put in place the right controls to protect your data in the cloud, you can opt for using services that the providers offer.”

Old meeting new

A separate component of the interconnectivity of the financial world is where companies integrate with each other, forming partnerships with other companies. This may come in the form of a large incumbent bank collaborating with a fintech or a start-up, or a company in a different industry altogether, such as retail, travel or entertainment.

In these cases, banks would have to be prepared to mitigate against the risk of working with partners whose cyber defences are not as sophisticated as their own.

A study by Zurich Group in 2017 found that 49% of SMEs in the UK would spend less than £1000 on cybersecurity in the next 12 months, as more immediate concerns relating to P&L and cashflow take priority.

“I think risks relating to third-party suppliers are big,” says the European head of technology at one major incumbent bank.

“These companies are less mature both in terms of security and a business model postures. Fintechs are all about innovation and bringing products to market quickly, but that comes with a lot of risks.

Looking ahead throughout 2020 and beyond, we may see this stand-off between innovation and security come to a head.

Click here to download 'The Future of Cybersecurity: 2020 Predictions'.

 

Comments: (0)