Addressing Security Challenges in the Financial Sector
With cyberattacks on a dramatic rise amid the current pandemic, we look at how cryptography, containerisation and other fintech measures can safeguard the financial sector from emerging threats.
Security has long been the number one priority for organisations when building and maintaining an IT infrastructure, as they seek to ensure data privacy is protected in ever more challenging circumstances. In any given week or month, we now expect to see a headline reporting the latest cyber-attack or data breach, and it’s evident that a number of companies are yet to find a way to responsibly manage the growing cyber threat landscape. The financial services sector is particularly prone to such attacks given the vast amounts of sensitive information it handles. A global report from Accenture and Ponemon revealed that the average annualised cost of cybercrime for finserv companies is - at $18.5 million - over 40 per cent higher than the average cost per firm across all industries. As such, it is imperative that firms within the industry are adopting the right technologies to protect themselves. Stephan Fabel, Director of Product at Canonical, explores the security benefits of financial services taking on new technology.
One of the most well-known security solutions used in banking and fintech today is encryption. The challenge, however, lies in bringing this level of security to the wider industry. Finserv customers expect robust security measures while still being able to benefit from ease of deployment, flexibility, and agility - the combination of which can be a challenge for IT teams to achieve. Yet there are solutions to this issue. IBM has demonstrated one example, working alongside Canonical to provide fintech customers with the technology to optimise data protection and privacy across both containers and multi-cloud infrastructures.
The Arrival of Containerisation
The “secure service container”, developed specifically for container-based applications on IBM’s LinuxONE, offers developers a combination of hardware and software, thereby allowing them to derive the same quality of security that they would on Linux, and in any data centre - whether on-premise or in the cloud.
Finserv infrastructures of today and tomorrow are being built around Linux, precisely because it offers easy deployment alongside providing a highly functional and easily automated stack. Such capabilities have already drawn leading industry players such as Barclays to build whole data centre infrastructures around Linux. In addition to giving IT teams easy access to innovations and software frameworks, open source software also increases trust, which is essential for security compliance in the long term.
Finserv infrastructures of today and tomorrow are being built around Linux, precisely because it offers easy deployment alongside providing a highly functional and easily automated stack.
Equally, a further benefit of open source is the strength of its community of developers, which is very quick to identify and fix bugs or errors. This isn’t the case with close-sourced software, where access to the back-end is limited, making it difficult to assess the reasons behind any problems.
Above all else, containerisation enables finserv companies to unlock new levels of security, cost savings and developer efficiency. The majority of developers are not security experts, and are prioritising cost efficiencies when deploying new systems and applications. Containers allow them to move things to the cloud at the push of a button, and it will run as a virtual machine. Developers have not always had the opportunity to take advantage of the advanced hardware security offered by such technology, which restricts entry to cyber criminals, even if they have physical access to computers.
As a result, it’s not surprising that banks and fintechs are turning to this technology to provide more robust protection against increasingly common attack factors, including malware, ransomware and memory scraping. A report last year from 451 Research highlighted this, with containers (29%) ranked alongside AI and machine learning (36%) as the financial industry’s top IT priorities.
Cryptography and Blockchain
We’ll also see additional threats come to fruition within the next decade or so, as the power of quantum computers becomes sufficiently capable to break all current cryptography keys. It’s essential that the finance sector remains ahead of the game and is prepared for this development in advance. Certain technology vendors have already populated their systems with such algorithms, moving from firmware into hardware. When quantum computers advance to the required level of power, businesses will need to decrypt all of their data, and re-encrypt it using innovative and ultra-secure methods such as quantum cryptography.
Blockchain technology is also set to become one of the principal security algorithms within the banking and financial sectors. Ultimately, the goal is to enable organisations to operate, test and run analytics without data. The sector also benefits from the vast number of innovative new players coming to market and operating within the space - all of whom build their IT infrastructures on non-monolithic systems, thereby freeing themselves of the shackles of legacy systems.