Banking and Finance is arguably the most innovative, heavily regulated and targeted sector within any given economy. The combination of this creates and interesting ecosystem from a technology perspective, one that drives innovation with caution. In this paper, I will discuss what I foresee as some of the technology innovations in the Banking and Finance sector along with implications from a cybersecurity perspective.
Artificial Intelligence (AI), Machine Learning and Analytics – there is a greater push in Banking and Finance to adopt these technologies for improving customer service, analyzing customer behavior and aligning products to it, digitizing business processes for cost optimization, etc. The use cases are many which is why we expect to see greater investment in these technologies, in particular. From a cybersecurity perspective, there are a few considerations that come to mind. The first is configuration and security of these systems. These systems tend to use a lot of data for a variety of reasons and also produce a lot of data for use. The integrity of both are needed to ensure whatever is going in and coming out is reliable. The second area to discuss is the ethical use of AI. AI can be used or misused. An example could be use of analyzing and predicting customer data to such a degree that it starts impeding on their privacy. As much as this is not strictly a cybersecurity issue, a line must be drawn to ensure the ethical use of AI. The third use of AI is in cybersecurity itself. We expect AI to be used more heavily in the prediction and stopping of cyber-attacks in future. Unfortunately, with the good comes the bad and we expect adversaries to start using AI to change and morph attacks on the fly in order to evade control measures
Digital Transformation Initiatives – this is at the heart of Banking and Finance institutes being innovative. Banking and Finance organisations have traditionally invested heavily in digital transformation to improve customer service, get closer to customer needs, differentiate their service, etc. This trend has only accelerated with COVID and we expect this to continue going forward. From a cybersecurity perspective, caution has to be exercised to ensure that cybersecurity measures are built into any digital transformation initiative from the start. Products have to be secure by design and security must not be sacrificed to achieve speed to market. One can imagine the disaster a new hacked application would bring
Open Banking – open banking is definitely here to stay and will have an impact on Banking and Finance institutes’ business models as they go to this open ecosystem. Consumer Data Right legislation has been drafted in Australia, as an example, to govern data ownership and secure sharing of data. From a cybersecurity perspective, the implications are around the secure sharing of data, management of consent, creation and security of APIs and security of connected systems
Increased use of Blockchain Technology – we expect banks to start exploiting blockchain technology to interact with their clients, processing and managing transactions, increased use in reg tech, etc. Blockchain technology is secure by design, but the security is only as good as its configuration. This is where Banking and Finance institutes will need to be careful in their implementation to ensure the blockchain deployment is configured in line with the value of the data it holds and the associated threat profile
Working from Home – as much as this is not a massive technology trend, this is here to stay even after the effects of COVID have waned off. What this will mean is an acceleration of remote and online banking. Staff will need access to customer data from home and the cybersecurity implications of this will need to be considered. The network will essentially now include the device and home network of employees and these will have to be secured. Concepts of Zero Trust will become a reality to protect customer data being accessed from home
Increased use of 5G – this will allow greater access to data to both customers and employees from anywhere using any device. Fundamentally, this will drive Banking and Finance institutes to adopt an even greater online presence. The flow on effects of this from a cybersecurity perspective will be the need to secure customer data on any device being access from any location. Concepts of strong authentication, encryption and Zero Trust security will become key to achieving the level of data security needed. No longer can we trust the user or the device accessing the data. The data itself will need to be containerised and secured. Distributed denial of service attacks (DDoS) become a bigger threat than now due to increased bandwidth availability
Greater use of the cloud – as much as cloud is not a new technology, its increasing adoption partly driven by the pandemic will change the way we work and how organisations consume computing. Increasing use of cloud will allow employees easier access to data from anywhere with potentially lower latency when combined with 5G technology. On-premise data centres will largely disappear as organisations move to the cloud for compute power and storage. From a cybersecurity perspective, greater move to cloud brought about by the accessibility and cost challenges imposed by the pandemic will increase the current cloud security issues making them a bigger challenge due to misconfigurations and mismatch of requirements to deployed security
Regulatory landscape and requirements – the Banking and Finance sector is arguably the most regulated in any country. This will drive greater use and innovation in the reg tech space in order to help ease the compliance burden. Regulations will continually drive changes to the way Banking and Finance institutes conduct business. An example is Consumer Data Rights legislation in Australia which will impact the business models many Banking and Finance institutes adopt. Regulations will have a large impact on the cybersecurity measures adopted by Banking and Finance institutes. Regulations will dictate the minimum standards that organisations must adopt and will force investment in areas that are currently lacking.
Banking and Finance institutes must continue to innovate and invest in technology to differentiate, to meet regulatory requirements, to create new products and be able to make them relevant to customer needs based on an analysis of their buying behaviours. Trust and risk management will remain key pillars within any Banking and Finance institute and a continuing investment in cybersecurity initiatives is a must of satisfy both these business requirements.
Ashwin has had over 22 years' experience in the IT security industry in Asia Pacific. His qualifications include a Bachelor of Commerce and Administration degree from Victoria University, Wellington, NZ majoring in information systems and management.