FUTURE OF BANKING | raconteur.net | RACONTEUR | 22/01/2017

Staying ahead of the cyber gangs

With evident online security loopholes and hackers growing ever more adept at cyber safe-cracking, can the future of banking be secure?

SECURE BANKING
DAVEY WINDER

When Tesco Bank fell victim to a cyber breach, hackers were quick to boast on the dark web about it being a cash cow and how they were cashing out £1,000 each week without anyone noticing.

Quite clearly, banks understand the imminent threat such events pose for their businesses. Yet they continue to happen – week in, week out. What specific threats are considered "the norm" within the finance sector and how must banks respond if they are to have a secure future?

"In the past, the risk for thieves was often higher than the potential reward, but this has been turned on its head," says Nigel Bolt, vice president and UK and Ireland country manager at Intel Security. The barrier to entry for cyber criminals is extremely low and, with the kind of cybercrime-as-a-service tools that can be used to rob a bank available online at low cost, almost anyone can try their hand at it.

"Today a bank's biggest asset is not just the money it holds," Mr Bolt warns, "but the data of its customers." And it's this data that is often the target of the online attacker, which is hardly surprising given that bank and debit card data for "live" accounts, where no theft has yet been reported, can fetch more than £100 a pop within the criminal underworld. There is big money to be made, with the Intel 2016 Data Protection Benchmark Study revealing there are between 21 and 30 data loss incidents every day across the UK financial services industry alone.

When it comes to threat specifics, phishing is at the top of the banking danger list. This insider threat is exploited by the phishing tactics of criminals and terrorists alike. Alicia Kearns, director at Global Influence, warns that increasingly cyber terrorism is taking the form of spear phishing attacks against banks and financial services. These target specific individuals, often using social media accounts and postings to gather intelligence to use in gaining the confidence of the employee. The win? "Sensitive data and cash," says Ms Kearns. "Despite the disparity between the size and structure of different banks, they all have one shared weakness – their employees."

Andersen Cheng, chief executive of Post-Quantum, explains that often the immediate victims of phishing are not even the ultimate target, but instead form the easiest route into an organisation. Serious criminals will take weeks or even months to plan and execute their attacks, he says.

"It's a fact of life that with greater digitalisation there also comes greater risk," says Martin Day, managing director of corporate and professional qualifications at the London Institute of Banking and Finance. While the nature of the threat may change, Mr Day concludes: "We must ensure that those working in the banks are equipped with the professional skills to anticipate these risks and act accordingly with the highest of ethical standards in mind."

But are our expectations of a secure bank unrealistic as we move forward into a cyber-banking dominated future? Rob Horton, a senior product manager at BAE Systems Applied Intelligence, doesn't think so. "We are in an arms race against the cyber criminals and fraudsters," he says, "and the good guys are working day and night to maintain the upper hand."

Banks and industry partners are collaborating more than ever, securely sharing intelligence on the criminals who are seeking to attack the system. "This collaboration is increasing now on an unprecedented scale with the UK being a world leader," says Mr Horton.

Nik Whitfield founded cyber-security software firm Panaseer after meeting cyber-security leaders at the UK's biggest banks to get an insight into the key threats they face. "The question is not whether a bank is 100 per cent secure," he cautions, "but whether a bank is secure enough." This means defining a risk appetite at board level that depicts which bad scenarios a bank is likely to face and the frequency and loss they can accept.

Meanwhile Mr Cheng thinks that succeeding in building a secure bank requires rigorous application of several security technologies in parallel. What these technologies will be is open to some debate, although most forward-looking security experts include user authentication, non-repudiation and fraud deterrence along with the implementation of encryption that can survive in a post-quantum age. None of which can operate in a silo.

"The whole industry needs to be thinking about how they evolve to share intelligence," Mr Bolt insists. "Banking security is not a competition point."

What banks cannot do is allow the speed of change to catch them out. For example, today we can say that banking is largely a transactional experience where the customer is only recognised after they have logged in. As banking becomes fully mobile for more customers, then it will become about continuous validation and verification based on prior interactions.

"The bank will know who I am based on location, device, and most importantly the manner in which I bank and behave while on their systems," says Paul Calatayud, chief technology officer at FireMon. "If I appear to be operationally out of the norm, I may be able to perform limited banking functions, while losing the right to perform more advanced functions until I am reverified."

What banks must do is become more agile when it comes to riding the security curve. The fight against cyber threats cannot remain asymmetric. Currently the norm for cyber-gang bosses is to plough 25 per cent of their profits from any heist straight back into research and development. If they want to invest more, they can make that decision on the fly.

"Criminals can adapt their techniques far more rapidly than the private sector's budget and procurement cycles allow," Mr Cheng warns. This is an area in which the financial sector is improving, but there is still some way to go in updating their process to enable the adoption of emerging solutions if the bank of the future is to look like anything resembling secure.

66% of global financial services institutions have experienced at least one cyber-security attack in the last year
56% say these types of attack are increasing compared with previous years
$221 average cost of a data breach per compromised record in the global financial services industry
Source: Intel Security/Ponemon Institute 2016
Source: MetricStream 2016

01 Tesco Bank was forced to repay £2.5 million to 9,000 customers following the November hack
02 More than seventy-six million households and seven million small businesses had their information compromised in a J.P. Morgan hack in 2014 - one of the largest financial-sector cyber incidents in history

Is blockchain the strongest security link?

Blockchain, the public ledger associated with bitcoin cryptocurrency, has been heralded as the answer to banking security problems

BLOCKCHAIN
DAVEY WINDER

There's no doubting that blockchain technology has been on the minds of forward thinkers in the financial sector ever since bitcoin first made an appearance in 2009. The idea of such a distributed ledger has certainly made an impact, not least when it comes to banking security where many are heralding it as the next big thing.

Kim Sgarlata, a partner at Capco, is among those who see blockchain as having huge potential to move the financial sector into a more secure model. "Blockchain technology can promote security in a number of ways," she insists, "such as enabling the capability to work with a transparent single source of truth."

This enhanced visibility would allow all other users to observe any misfeasance. A powerful sentiment when joined up with the concept of an immutable chain of entries that prevent amendments and concealed ploys. "The concept of decentralised decision-making also removes some challenges conventional systems currently endure," says Ms Sgarlata, "such as single points of failure and the operational risk posed by rogue system operators."

Sanat Rao, the chief business officer at Infosys, points out the latest Finacle Innovation in Retail Banking report reveals 47 per cent of banks are actively exploring ways of using blockchain. Among them are Emirates NBD and ICICI Bank that, Mr Rao says, "have already carried out a successful pilot using a blockchain network for international remittances and trade finances, across the biggest remittance corridor in the world".

So there's really no doubting blockchain could disrupt payment systems on a truly global scale. Assuming, that is, the potential stumbling blocks to adoption can be overcome and the blockchain naysayers persuaded of the true security benefit.

Stumbling blocks include being associated with bitcoin and its public network. Indeed, Jerry Norton, vice president of financial services at CGI (formerly Logica), can't come to terms with any commercial bank "being comfortable to base live, in-production, transaction systems moving billions of pounds of value based on a source code developed by an opaque group of core developers that might make a hard fork [change of protocol] at any moment". And that's before mentioning regulatory obligations in terms of system robustness. "The governance question alone," Mr Norton concludes, "means we will see the construction of new blockchains by inherently trusted entities in the enterprise space."

Such private blockchain solutions will "remove the issues of anonymity," says Lawrence Lundy, head of research and partnerships with Outlier Ventures, "allowing banks to meet know-your-customer and anti-money laundering regulations, as well as the unpalatable thought of having unknown participants validate banking transactions".

Mr Lundy predicts a likely bifurcation between centralised distributed ledger technology, used by banks for back-office automation, and decentralised blockchain technology to provide trustless networks removing the need for some transactions altogether.

Once we start to see a wider incremental adoption of these private or permissioned blockchains, it will become much easier to persuade the risk-averse towards reaching for an attainable return on investment.

"The business case becomes particularly difficult to refute with the release of more confirmed metrics and standards," says Ms Sgarlata. Applying the technology to the correct use-case obviously remains critical. "When we discuss this with clients, we start by considering whether the problem posed could benefit from operational simplification, risk reduction, reduced fraud, improved efficiency and the reduction of capital lock-up," adds Ms Sgarlata.

The key in this careful selection process is not to create a solution and then search for a problem, but instead to find a problem and explore whether blockchain, among other things, would be the best solution. Blockchain technology holds the promise to deliver better banking security, but it's not a silver bullet on its own.

