
The Future of Cybersecurity in the Banking Industry

Cybersecurity and the banking industry have long been partners. As everything moves into a more digital world, the risk of cyberattacks comes with it. What is the industry doing about cybersecurity, and what should be done? Let’s figure it out together in this article.

Cybersecurity is not a new term in the financial industry, but it remains a pressing issue. More and more activity is moving to the digital world: from buying something online to paying bills, everything has gone digital, and so has the banking sector. With people going cashless and most of today’s transactions, such as opening an account, done online, the financial industry needs to take security to the next level. Cyber threats are as old as the internet, but they have been growing not only in number but also in sophistication, which requires entities like banks to be at the forefront of cybersecurity innovation.

An attack can have devastating effects for entities like these, which deal with large amounts of personal information. Banks put at risk not only sensitive data but also money, reputation, and trust, which can vanish in the blink of an eye. They store large amounts of critical and valuable data electronically, and the risk of a data breach grows day after day. According to research carried out by the New York Federal Reserve, financial firms experience 300 times more cyber attacks than firms in other industries.

Managing not only personal but also financial data turns organizations in the banking and finance sector into clear targets, and once a customer comes face to face with fraudulent activity, it is already too late. Money is not the only thing that may be lost: one of the main assets banks hold is reputation. Studies indicate that a data breach can cause 65% of consumers to lose trust, while 85% would stop engaging with the organization. A good reputation promotes trust, and the damage from putting it at risk through a poor cybersecurity solution may be hard to reverse. But even though almost every financial organization already applies measures such as KYC (Know Your Customer) and AML procedures to fight financial crime, fraud, and money laundering, none of them seems to be 100% effective against vulnerabilities.

According to IBM’s 2021 Cost of a Data Breach Report, data breaches in the financial industry have the second-highest costs after the healthcare sector. Verizon’s Data Breach Investigations Report (DBIR) places the financial industry in the top five for the number of security incidents in 2021. This puts extra pressure on these institutions, which need to rely on robust and comprehensive technology to fight all these kinds of vulnerabilities.

So here are some of the security challenges banks and financial companies must keep an eye on, as well as some recommendations for building a strong IT environment.

Employees are becoming enterprises’ number one brand guardians

Even if banks invest huge amounts in cybersecurity, employees may leave the company open to vulnerabilities, especially as new risks come to light. According to IBM’s Security X-Force Threat Intelligence Index, phishing was the most common infection vector for financial services, leading to 46% of attacks against this sector in 2021, and the Anti-Phishing Working Group (APWG) noted that June 2021 set an all-time record high with 222,127 phishing attacks that month alone. To fight all kinds of threats, staff members must be properly trained to address old and new threats that could compromise the bank’s reputation.

Attacks like these still use staff members as the first point of access, and phishing scams can take different forms. An untrained team is a weak point that an intruder could easily exploit. Regular phishing training gives employees the proper tools to spot phishing emails and to know how to respond to these threats. Approximately 15 billion spam/phishing emails are sent per day, nearly half of which target or impersonate financial institutions. Employees are just one click away from a link or downloaded attachment that may put a whole company at serious risk. This is why they are the first line of defense an organization has, and by giving them the right tools you protect not only them but the entire company as well as its consumers or clients.

Attacks are not slowing down but increasing instead

While in the old days breaking into a bank involved digging large, deep tunnels and having a team of experts, today cyber thieves can do the same or even more harm without any risk at all. In addition, digital banking has gained popularity among users in a world driven by cashless and online transactions, opening the window to attacks. Online financial transactions have gone so far that, according to BBVA, one of the banking giants around the globe, 33% of Americans in the so-called millennial generation believe they will no longer need banks in the coming years. This whole new picture, which includes bitcoin and fintech, also pushes traditional banking to offer new and faster digital services.

As the banking industry expands and gains weight and presence in the digital world, attacks broaden too. The use of apps and other digital services makes consumers’ lives easier, but these also become vectors for new attacks. Securing digital banking means being aware of this changing scenario and the challenges institutions may need to overcome. This means continuous monitoring technology that is up to date with potential threats. Poor IT infrastructure can suffer devastating effects in this new scenario. So having the right tools to manage vulnerabilities, as well as staying continuously updated on potential threats, is crucial for all financial institutions, regardless of their size.

File sharing: limits are needed

Open Banking is all about sharing data and providing customers with services and products that improve well-being and offer better experiences. Through Open Banking, users can share information with third parties through APIs (Application Programming Interfaces). This means people can now easily share their banking information with other companies using a secure channel. But a bitter consequence of this new banking reality is that cybercriminals could end up with lots of data too.

Technology here should not only meet customers’ needs but also focus on security and transparency. Both traditional banks and fintechs need a strong and robust IT architecture able to protect them from hackers getting into a bank’s network through a third party. Open banking brought an important transformation to the financial industry, making individuals capable of controlling their own financial data at the touch of a button while also leading the whole industry to be more transparent and innovative. But putting all of this at risk because of a poor cybersecurity solution may have severe consequences for the entire ecosystem. Anyone with a device, especially one connected to online services, is in potential danger of being hacked. To prevent this, zero trust architecture has become an important ally in securing online transactions.

This solution, however, may become overly inconvenient for users. Needing two or even three authentication methods to access an account makes everything more complicated, and users may get annoyed, leading finally to the worst scenario: making the system vulnerable. Login should be an easy and fast task, as it is usually performed daily. Users demand that organizations like banks have strong and robust security measures that don’t place all the responsibility on them. In addition, customers have also begun demanding stronger MFA protection against account takeover fraud and vulnerabilities, and the financial industry can respond to this through facial biometrics. Through the combination of facial biometrics and a password, enterprises may achieve multi-factor authentication that is robust, frictionless, and at the same time easy to use, reliable, and effective against cyber threats.

Choosing the right cyber solution

These aren’t easy times for the financial industry. With financial services doing more digitally than ever, the attack surface has grown, making it necessary to rethink the ways to protect and secure critical assets. Banks such as Bank of America have been spending over a billion dollars a year on IT and cybersecurity, and in the last ten years banks have spent $100 billion on technology, including technology focused on security. But has this been enough?

Financial institutions are now beginning to understand that cybersecurity means not only safeguarding IT infrastructure but also educating both customers and employees night and day. Managing a bank’s cybersecurity is a complex task but not an impossible one. It is becoming clearer that investing in technology is no longer about investing in the future but about the present. Institutions can no longer rely on solutions that focus on repairing the damage; instead they need tools to detect attacks in real time. And so, one of the fundamental features of cybersecurity has to do with identity and authentication management.

Here, passwords, PINs, and access cards have shown a lack of efficiency and have become outdated mechanisms for validating access. Nowadays user authentication has to do not only with giving access to a certain website or app but also with verifying the user’s identity. So AI has started playing an important role in multi-factor authentication, helping to improve cybersecurity with additional factors, such as fingerprints or facial features, and not just a password. The whole concept of this second factor is using something hackers cannot get hold of. Biometric-based technology as a multi-factor authentication method eradicates the threat of stolen devices or information. This technology is therefore becoming essential to enhance cyber defenses and at the same time identify and remediate new threats accurately and at high speed. The market offers a vast variety of solutions, and enterprises can explore them to find the ones most suitable for their unique needs.

The banking industry is changing for good. By going more digital, financial institutions are not only helping strengthen the global economy but also making financial transactions faster and more convenient. Therefore, protecting customers’ data is non-negotiable. Their success or failure relies on their ability to manage data securely.

Here real-time cybersecurity monitoring comes as the best solution, allowing user authentication, data protection, and vulnerability control easily, all at once. Facial biometric solutions on the market focus on deployment on mobile devices, but it is time for computers to get the same treatment, especially in these tech-dependent industries. The answer to this clear gap in security technology is facial biometrics technology that is device-based (privacy-first) and offers continuous user authentication, security, and prevention against cyber threats. This means securing the device from beginning to end, not only at the moment of access. With all this in mind, we at Hummingbirds.ai developed a solution based on video-based authentication. GuacamoleID is an on-device, cloud-independent technology that relies on video biometrics, is built on zero-trust architecture, and leaves facial and privacy information in the hands of the user.

Our technology secures any interaction performed digitally on the device, so that the user, whether an individual, an employee or a company, has the certainty that those actions and their privacy are completely safe and guarded against intrusion, both internal and external. Another important feature of GuacamoleID is that it can be set up to authenticate employees and bind them to devices on demand or continuously, saving time and resources and maximizing security, efficiency and productivity. Using biometrics from video offers extra security control, as it is tested in highly unconstrained environments, such as variations in light or distance.

Another important feature of GuacamoleID has to do with liveness detection. This is a really useful tool for verifying a person’s digital identity for retirement and pension payments. Most banks or financial institutions have life certificates as a mandatory requirement. This exposes elderly people to long waits, endless queues in adverse weather conditions, the fear of being robbed, or simply the complicated process of having to move from one place to another. Through liveness detection, banks can authenticate the user’s identity, proving the beneficiary is alive, and safeguard against account takeover fraud, as it detects when someone tries to impersonate the user with a photo of the beneficiary.

According to a number of studies, including Gartner’s, on the future of user authentication and biometrics, it is believed that 50% of all business transactions and 20% of customer authentication will be passwordless within the next three years. Security plays and will keep playing a major role in financial institutions. It’s time to start approaching cyber solutions from a long-term perspective. We are ready. Are you?