By Prakash Pattni, Managing Director of Financial Services Digital Transformation, IBM
The ability of viruses to evolve almost in step with our defenses is something the world has become very familiar with. As nations worked to quickly vaccinate their populations, organizations faced a parallel challenge against cyber equivalents of COVID-19. The widespread adoption of hybrid working, often supported by cloud-based systems and the creation of increasingly complex digital supply chains, has created new opportunities for adversaries to launch cyberattacks and compromise valuable data. .
The financial services industry, with its vast treasure trove of sensitive data, tops the list. The scale of the security challenge for financial firms was revealed by IBM’s recently released X-Force Threat Intelligence Index 2022. The sector witnessed 19% of all cyberattacks in the UK in 2021; the overall figure was 22.4%. To put that into perspective, last year the sector was the second most attacked industry in the world. Of all these attacks, 70% targeted banks, 16% insurance companies and 14% other types of financial institutions.
As financial services firms modernize, there is a clear need for an approach to security that supports the transition to digital business models while reassuring customers and regulators.
Complexity is the enemy of security
The sobering statistics on cyberattacks in financial services come at a time when the industry is experiencing major disruption. Financial institutions are transforming to better serve their increasingly digitally savvy customers and find new revenue streams, as fintechs tap into new channels and business models. But as major security incidents in the private and public sectors have shown, the adoption of technologies that support digitization, such as cloud platforms, can create a wider attack surface for cybercriminals to attack. to exploit.
The piecemeal approach that many enterprises have taken when striving to leverage cloud platforms has led to systems created from disconnected, complexity-riddled parts – the enemy of security. Massive cyberattacks in recent years have succeeded because they have taken advantage of the digital supply chain – a vast, mixed supply chain of business and technology partners.
The inherent trust that exists within these complex environments – across numerous user and application relationships within the network – has created more avenues for adversaries to gain access to sensitive and critical data. That’s why we’re starting to see a global shift toward Zero Trust security architectures. Zero Trust is a methodology that abandons the idea that you can trust anyone or anything with security. Each user and application must be re-evaluated and re-authenticated, then assigned the lowest set of system privileges required for their operation. This approach adds an extra layer of security defense to other technology solutions and is essential where remote working is common, as it is in many financial services companies.
Go hybrid to stay safe
As the industry faces growing threats, regulators are increasingly requiring financial institutions to use multiple clouds to mitigate systemic risk. This is partly what has spurred the trend toward a hybrid multi-cloud model, which gives enterprises the choice to host workloads and data where they belong – across multiple public or private clouds or site – and allows data to be moved to where it is needed. A study by the IBM Institute for Business Value and Oxford Economics found that only 3% of businesses worldwide use a single cloud, up from 29% in 2019.
Where a company’s data resides is important. That’s why we see established financial institutions continue to invest in their on-premises mainframe systems, which remain vital to the industry, as well as in public clouds. In fact, mainframe technology today is evolving alongside public cloud solutions to stay several steps ahead of cybercriminals. For example, modern mainframes can now use artificial intelligence (AI) capabilities that allow customers to detect and prevent fraud in transactions such as credit card payments, in real time. The latest mainframes are also now capable of protecting sensitive data against the future threat of maliciously deployed quantum computing technology, which will be able to break through all current forms of encryption.
Secure data in the cloud
Whether it’s payments, investments or savings, the data held by financial institutions makes them a prime target. As a result, the industry has adopted some of the most advanced security measures and strategies available. For example, to ensure the security and privacy of customer and proprietary data, enterprise-grade security innovations such as “keep your own key” encryption and confidential computing are essential for financial institutions.
Confidential computing processes data in a shielded enclave, ensuring users have the security they need when interacting and transacting online. This means that company A can use a public cloud platform, which is also used by company B, and neither company B nor the cloud provider itself can see the data. This is true when the data is in use, at rest, or when it is being moved.
Protecting data and managing encryption across multiple platforms can be complex, and it only takes one weak link to jeopardize an organization’s entire security strategy. To overcome this, enterprises must adopt solutions that provide a single point of control to manage encryption keys securely and easily across all platforms, including other clouds and on-premises. This holistic view can also help companies demonstrate compliance faster, freeing up time and resources to drive innovation.
Reduce supply chain risk with an industrial cloud
The need to strengthen security for the cloud era is also fueling financial institutions’ interest in adopting industry-specific cloud platforms. Search for IBM UK found that for 43% of financial services respondents, data security was the biggest barrier to digital transformation, while 90% said their organization had already adopted or was planning to adopt an industrial cloud.
There is a good reason for this trend. A cloud designed for the needs of the financial services industry not only supports the most advanced enterprise security technologies, but also helps reduce risk to the financial institutions ecosystem, including third and fourth parties of their supply chain. An industrial cloud platform can have the necessary security controls built into its code, so that all financial institutions, partners and fintechs meet the required standard. The same goes for the strict regulatory compliance standards that banks must meet. With compliance controls built into the industry’s cloud platform, banks can automate compliance across their entire digital estate and ensure that the partners they transact with have demonstrated compliance with the requirements of the platform.
Highly regulated industries, especially financial services, feel compelled to transform at an ever-increasing rate and pace. However, in doing so, they must not lose sight of security, resiliency and compliance when digitizing.