Authored by: Sandeep Bhargava, Managing Director of Asia Pacific Japan (APJ), Rackspace Technology
In the financial services sector, many organisations are seeking to gain a competitive edge by adopting digital technologies to increase innovation and improve agility. As the Monetary Authority of Singapore (MAS) issues new digital banking licenses this June, it is expected to facilitate a rapid adoption of fintech solutions, among companies within and outside the financial services sector.
As these new technologies disrupt the industry and consumer demands evolve, financial institutions must adapt to avoid becoming irrelevant. However, this path also includes considerable security threats from the dark web. Financial organisations need to balance innovation to maintain competitiveness with protecting customers from malicious breaches.
New digital offerings opening the door to potential cyber threats
Consumers want to access their account information anytime and anywhere. Chip cards, cell phone payments, wireless transactions, and crypto currencies all offer incredible new ways for consumers to acquire goods, track wealth and exchange data quickly and easily. Financial institutions in Singapore are beginning to embrace the disruptive technologies that start-ups are introducing to the industry, working as partners in service delivery. Some large banks are also building technologies to deliver new digital offerings to customers.
These self-service capabilities and rapid improvements to web and mobile applications demanded by customers have generated the need for more agile development cycles. While this is good news for service delivery, the expedited testing timelines and potential for human error mean more opportunities to introduce flaws that can be exploited by hackers. The region's rapid technology adoption is making it a lucrative target for who sell data including credit card numbers, email accounts and other credentials.
Additional regulatory oversight and third-party risk requirements also mean that each step in the development process should be carefully weighed against potential threats.
Financial services companies are expected to meet this demand from consumers for convenient access to their data while protecting it from increasing malicious threats and data accessibility requirements. A single misstep could cause irreparable harm to the bank’s reputation.
Even with stringent security controls to combat existing threats, cyber criminals still persist, creating a fine line between providing accessible, easy transactions and protecting customer data. This is leaving many financial institutions to redefine their data structures, as well as their business models.
How can financial institutions respond?
To ensure that customer data is properly safeguarded while services are transformed, financial institutions can do these five things:
Establish ‘Know Your Customer’ initiatives to ensure that phishing scams, fraudulent account access and money laundering activities are recognised early and remediated.
Educate innovation teams on the vulnerabilities of the organisation’s code base, application development tools and platforms to ensure malware attacks and other breaches are prevented, or detected and eliminated quickly. Every new solution must be designed with security built into its DNA.
Build strong third-party risk assessment programs that include regular audits, periodic testing and stiff requirements for all partners. Payment Card Industry Compliance should be the minimum standard, not the ultimate goal.
Incorporate a dark web monitoring group into security teams responsible for surfing, learning, following, and mitigating issues related to the organisation. Also consider investing in a dark web monitoring solution to protect customer data further.
Work with a managed services provider to ensure you know where the organisation's data resides, how it is accessed and the encryption channels used between on-premises and cloud managed solutions.
As financial institutions innovate to compete with the new recipients of digital banking licences in Singapore, the criminal world is innovating too. Developing a well-planned cyber security strategy to take the weight off the shoulders of IT staff will enable them to focus on developing innovative new services for customers.