2017 witnessed one of the worst cyber security breaches of all time when U.S. credit agency Equifax lost sensitive data, including Social Security Numbers, that could impact as many as 143 million people. So there is absolutely no doubt that security will take center stage in most enterprises in the New Year.
Specifically, we expect banks to deal with the following security trends in 2018:
Amidst growing digitization, concerns about protecting customer information and interest are intensifying. In addition to existing laws, such as SOPA (Stop Online Piracy Act) and PIPA (PROTECT IP Act), banks will have to contend with new regulations protecting investor interest (MiFID II) and individuals’ data (GDPR), which will come into force this year. An important part of that will be to make banking systems compliant with the new rules, and in the case of new investments, make security an integral part of the architecture design itself.
With more technologies coming up and then coming together, both the quantum and sophistication of cyber-attacks will increase. The data breach at Uber – said to have impacted 57 million customers and drivers – was mounted through the world’s largest open source developer community and a hugely popular cloud computing service. That the Internet of Things is another source of vulnerability was proved beyond doubt by the Mirai botnet attack, perpetrated by about 100,000 infected IoT devices. What’s more, even fraudsters are keeping pace with technology evolution, and are increasingly using sophisticated Artificial Intelligence to breach firewalls. A single-pointed, analytics-based security application is inadequate protection against such multifaceted threats, which can only be combated by a solution combining the power of AI, machine learning, analytics and big data with biometric devices and other anti fraud technologies. 2018, the year of AI versus AI, will witness the coming together of various technologies, including mature biometrics that will combine voice, facial and retinal scan to protect banks and other enterprises against cybercrime.
Moreover, with larger hordes of external users and devices accessing organizational systems, banks would need to change their human-centric, reactive security philosophy to a proactive, machine-led approach where systems monitor user behavior to decide who should be allowed access and automatically adapt the level of security to the level of attack. Also, as mentioned earlier, they should build security into application architecture, instead of layering it on later.
2018 is also the year when banking ecosystems will multiply and unprecedented amounts of data will be shared within and between ecosystems. Once the entire banking organization becomes entrenched in the business of sharing data, the business of protection cannot be vested in a single department or authority. Hence in the years to come, security will be everybody’s responsibility in the bank.
One of the banking trends we predict for 2018 is the emergence of a parallel short term/ part time workforce, which – like Uber drivers or Airbnb property owners – will enter and exit the banking human resource pool at will. These workers will need to be “secured” even more than regular, permanent employees, but without compromising the ease with which they can enter the system, do their job, and go. Here, the approach to security should be driven not by role, but rather by the pattern of behavior, to prevent any unsavory activity.
As banks manage and respond to these trends in 2018, they might want to bear a couple of things in mind. The first is to devise security measures, which protect, but do not introduce friction in user experience. The second is to be open to any opportunity to capitalize on this strength by offering identity management and related services to clients. Will 2018 be the year banks turn security into a competitive advantage? We will know soon enough.