Banking: Embracing Innovation for Better Cybersecurity

Introduction to Banking Cybersecurity.

As our society fully adopts digital payments and online banking, banks and financial institutions find themselves in the very important role of having secure authentication systems in place to protect customers’ data and ensure that their transactions are safe. The past decade has taught us that banking cybersecurity is not something that can be overlooked. 

By leveraging strong encryption algorithms, two-factor authentication, biometric identification, and other passwordless solutions, the industry can effectively tackle some of these issues at the infrastructure level. Traditional authentication is no longer enough, and banks need to start addressing these problems from a holistic perspective rather than just passively defending themselves from attackers.

Not a great track record

According to a 2022 IBM Report, the cost per breach for financial organizations has averaged $5.97 million per breach, second only to the healthcare sector, which hit a new record high of $10.10 million. The survey reported that, “for about 83% of companies, it’s not if a data breach will happen, but when.”

One of the most known cases in  banking cybersecurity  has been that of the American credit bureau Equifax, which failed to protect the data of over 150 million users—including 19,000 Canadian citizens. Several members of China’s military were indicted for the hack and Equifax had to pay hundreds of millions of dollars for victims’ compensation and fines. And these numbers don’t even take into account the reputational damage and other externalities.

According to a survey by McKinsey, 44% of consumers trust the healthcare and financial services industries to protect their privacy and data. Every other sector—including telecommunications, pharmaceutical, and government—barely made it to 20%, which is a very important indication of how important it is for banks and financial institutions to invest in maintaining and improving the levels of public trust when it comes to data protection.

Unfortunately, banking cybersecurity  has not been very easy for financial institutions because of the massive costs that come with managing and securing such large amounts of information. These costs include not only general IT expenses such as dedicated personnel, hardware, and software, but also need to account for trainings, as well as legal and compliance expenses. And as mentioned above, this is definitely an area where it’s better to be safe than sorry, since the cost of a breach can severely impact a business. And while prevention needs to be a priority, data breaches may still occur. In those cases, a faster response is obviously better than a slow one. According to the above-mentioned IBM survey, organizations leveraging better technologies for banking cybersecurity such as AI and automation had a 74-day shorter breach lifecycle, thus saving $3M on average compared to other organizations.

Looking Ahead: Banking Cybersecurity & Beyond

The good news is that technological progress has not only increased the amount of data and the number of attack vectors, but it also created a number of opportunities for much greater cybersecurity that allows us to rethink our existing models. It goes without saying that these opportunities can drastically reduce costs for banks and financial institutions, thus offering a way to further increase the levels of trust and confidence that consumers have.

A great example would be data distribution solutions that are secure by design and leverage cryptography, access control, and secure authentication to avoid single points. With this kind of system, data can be safely and securely shared across open, distributed, and decentralized networks. Banks and financial institutions can leverage solutions such as our SoLID to ensure the highest levels of data privacy, security, and auditability. This is particularly important because, as models such as self-sovereign identity (SSI) emerge, we can enable interconnected and interoperable ecosystems of public and private digital services. In several jurisdictions across the world—including the EU, Norway, UK, Australia, New Zealand, UAE, India, Argentina and Colombia—digital identity initiatives are being implemented by governments. And many large banks across the world have now been exploring SSI for years now. In South Korea, some of the largest banks in the region are already using decentralized identity models with their employees and customers.

Every cybersecurity expert working with large organizations will point at individuals as one of the greatest vulnerabilities in a system. This is particularly true when we think about access codes and passwords. These authentication systems belong to the past century, and it’s possible to allow users and employees to access online services with passwordless solutions that are also user-friendly. Multipass was designed exactly for such purpose by leveraging near-field communication (NFC) and biometric authentication.

As new banking cybersecurity technologies such as blockchains and Distributed Ledger Technologies are increasingly adopted in a number of industries, some are understandably concerned with the potential lack of control over the data flows—in particular, from a compliance and regulatory perspective. That’s why these organizations need solutions such as Sherlock to have an in-house forensic solution that allows them to maintain audibility and fight cybercrime, putting the organization in full control and ensuring the highest levels of compliance. 

Conclusion

As the levels of trust towards the government and other industries is so low, it’s extremely important for the banking and financial services industries to maintain and strengthen the levels of trust of their customers when it comes to privacy and data protection.

Banks and financial institutions need to start embracing some of the innovation happening from a cybersecurity level and embrace it. The solutions for their cybersecurity problems are already available. The question is: how many data breaches do they want to accept before they rethink existing systems? for baking cybersecurityn