Digital Transformation Adds Cyber Risks To Financial Services


By Jonathan Nguyen-Duy

Digital transformation focuses on leveraging digital technologies, massive amounts of data, and real-time, data-driven decision making for explosive economic growth and quality-of-life improvements. It is rapidly reshaping the way that products and services are conceived, delivered and consumed. Nowhere is that more evident than in financial services, where recent technological advances and changing consumer demands have created unprecedented operational, security and compliance challenges.

Financial services firms are grappling with the changing demands and expectations of digital consumers who want to communicate and conduct commerce from any device at any time. These connected consumers continually expect greater flexibility and highly personalized financial products and services. Indeed, they expect financial services companies to constantly improve the customer experience.

Digital Transformation in Financial Services

Financial services firms are a key focus of digital transformation because consumers increasingly expect to be able to complete peer-to-peer payments, have access to digital wallets, plan budgets, make digital deposits and transfers, and more, all from their mobile devices.

However, as banks innovate to meet their digital customers' needs, they are also increasing their attack surface, potentially making highly sought-after user data more accessible to cyber criminals.

While digital transformation offers opportunities for incredible leaps in performance, innovation and quality of life, it’s important to be mindful that the very forces that drive accelerated growth also exacerbate existing and newly created security and compliance weaknesses. Consistent implementation of security controls and traditional themes of confidentiality, integrity and availability of data are more relevant than ever.

Here are the top financial services digital transformation initiatives and their associated risk considerations:

Consumer Engagement

Omni-dimensional consumer engagement is the key driver of digital transformation in the finance sector, with 93 percent of financial services firms stating that the main objective of digital transformation is to improve the customer experience and increase engagement. To achieve this goal, financial services firms are focused on improving their capabilities in three key areas:

1. APIs

An application program interface (API) is code that allows programs to communicate and integrate with each other. API use at financial institutions is growing as consumers look to integrate their financial and payment card information with third-party financial applications, thereby capitalizing on the real-time financial information provided by open banking.

This poses security risks for financial services firms, as data and applications are increasingly attached to connected mainframes. Where consumer data has historically been secure on isolated mainframes, APIs (though providing greater accessibility) also open data up to increased cyber risk by providing users and applications unprecedented access to the datacenter.

2. Applications

Similar to the risks posed by the increased usage of APIs, financial services firms must also exercise caution as web applications become more ubiquitous. According to the Verizon Data Breach Investigations Report, web application attacks are the most common source of data breaches.

[Figure: Verizon DBIR 2016: Web Application Attacks are the #1 Source of Data Breaches]


As consumers provide their personal and financial information to more applications, financial institutions have to be wary of application vulnerabilities that might be exploited for access to the network and data belonging to those consumers. Indeed, the Verizon report finds that rigorous application vulnerability management would mitigate almost 25 percent of all cyber-attacks leading to data breaches.

3. Agile and DevOps

Consumers are demanding rapid access to their financial information, as well as regular updates to the digital capabilities offered by financial services firms. To maintain a competitive pace, financial firms are turning to the agile and DevOps methodologies of software development. These methodologies each promote continuous integration and delivery through collaboration. While this accelerates more regular releases and updates, the faster development cycle also means less time for security testing, thereby potentially increasing the proliferation of applications that might contain vulnerabilities.

To mitigate the risks posed by APIs, applications and faster development processes, financial services firms must implement advanced application security protocols alongside their digital transformation initiatives. This includes web application firewalls and application delivery controllers to assist in securing and scaling application use.

Employee Engagement

While the greatest digital transformation emphasis is placed on consumer engagement, employees at financial services firms are also demanding access to the many technical benefits offered by digital innovations: 76 percent of financial services employees state that it is very important for them to work at a digitally enabled organization.

Improved data analytics and accessibility and greater efficiency in collecting and sharing the most accurate intelligence are a few of the ways that digital transformation can improve employee productivity.

Oftentimes, this means giving employees access to the cloud and cloud-based applications. While cloud computing can offer competitive advantages, it can also decrease visibility into data movement and application usage. Yet organizations that do not provide such cloud-based capabilities not only lose out on opportunities but also increase the likelihood of shadow IT adoption and data leakage as employees seek alternative ways to achieve those results.

With careful planning, however, financial services firms can enable employee engagement through digital transformation without compromising security. They can start by implementing in-depth cloud security protocols, especially Cloud Access Security Brokers (CASBs). CASBs allow organizations to extend their own security controls into the cloud and SaaS applications.

Combined with multi-factor authentication, these controls let IT teams accommodate employee needs while securing their hyper-connected ecosystems. As the cloud becomes an increasingly necessary piece of digital transformation, financial services firms will have to take careful note of how moving data to the cloud increases their cyber risk and take steps to minimize those risks.

Final Thoughts

The financial services sector continues to undergo major operational changes driven by digital transformation. However, while increased digital capabilities (applications, APIs, cloud computing, etc.) can offer major benefits and competitive advantages, they can also open financial services firms up to immense cyber risks, with 86 percent of banks citing data risks as their top emerging threat.

To mitigate these threats, financial services firms have to be aware of the risks that come with new capabilities and adjust their security architecture to meet these new demands, thereby ensuring neither innovation nor security is compromised.

About Jonathan Nguyen-Duy

Jonathan Nguyen-Duy is Vice President, Strategic Programs at Fortinet, where he focuses on emerging technologies and key partnerships. He has unique global government and commercial experience with a deep understanding of threats, technology, compliance and business issues. 
