Big banks and fintechs need each other. But cybersecurity must be addressed to ensure a safe collaboration, says Paul Anderson
We live in an instant world where consumers expect to be able to pay bills and get loans easily on any device, and where the advent of instant bank accounts, balances, and even sharing money with friends via text has only seen the trend grow.
Because of this, the financial services sector has gone through a myriad of changes as the demand for more access and instant transactions has grown.
But, often hampered by legacy structures, many financial institutions have found this to be a difficult transition. Many banks still rely on legacy IT infrastructure, such as mainframe and dedicated datacentres, and are hindered by strict regulatory standards that make it difficult and risky to open up their networks. How can financial services keep up with changing consumer demands?
Agility for agile lives
Agility begets agility. And no organisations are better suited to the task than fintechs. Born out of a tech and user-experience-first background, fintechs were made not only to disrupt, but to also constantly adapt to a changing landscape. This transition, therefore, has been brought on and supported by an explosion in fintech companies and solutions that have had an immense disruptive impact.
Through the use of both IoT-connected devices and application programming interfaces (APIs), fintechs have been able to revolutionise how people interact with their money and their banks. This has left them innovating at a rapid speed: new products, updates, and collaborative apps are being sent out at a faster pace than before.
Open Banking was an example of this. Allowing third parties to access customer data meant the customers would be able to ‘plug and play’ with multiple businesses all in one app.
But, on the other hand, this new fast-paced banking has left regulatory bodies reeling, and struggling to keep up with the changes.
Security for the ages
As fintech becomes more ingrained in consumers’ everyday lives, security measures need to be updated and integrated into new models of banking. Accessing, storing, and securing sensitive personal data that cyber criminals want is an increasing challenge. Regulation will follow suit eventually, and soon enough will become stricter and harsher in a bid to keep consumer data safe. A prime example was GDPR, which, launched last year, saw a major crackdown in how we access, share, and use personal data. Companies were now more liable than ever if there was any mishandling or mismanagement of consumer data.
But what about security? Effective digital innovation also makes ample use of cloud computing and storage. Many fintech companies utilise cloud services to provide consistent, scalable performance with lower upfront costs. But a new way of working means a new way of securing information.
The cloud needs to be secured differently to a traditional network or datacentre. As a result, if financial data is going to be stored in the cloud, banks and fintech firms must ensure that the same security standards they apply to their own networks are also applied in the cloud. Beyond just adaptation and prevention though, any security measures need to be agile enough to grow seamlessly alongside cloud use.
But these types of defences also need to be enabled with automated threat intelligence built into them as a holistic system. As security devices monitor the network, they naturally collect data on at-risk devices, known attacks, common attack trends, and more.
To be effective, this information needs to be dynamically shared and correlated across all security instances.
As banks and fintech firms enter into partnerships, it will be impossible for IT teams to manually gather and assess all of this threat intelligence in a manner that allows them to respond to risk in a timely or meaningful manner.
Cybercriminals are already leveraging automation to make attacks more effective and persistent. Likewise, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real-time, allowing organisations to keep pace with cybercriminals.
As these two sides of the financial services space increasingly partner up, then cybersecurity – especially application security, cloud security, and automation – will have to become a top concern to maintain data protection and meet compliance requirements while responding to the shifting demands of the marketplace.
No man – or financial institution – is an island. Moving forward, for the best for both industry and consumers, established financial institutions and new fintech firms will need to collaborate in order to continue driving innovation and meeting consumer needs while simultaneously satisfying new regulatory requirements. The success of each set of organisations is dependent on the other.
For established firms, these partnerships will allow for faster innovation that keeps pace with consumer demands, while the value for smaller fintech firms will come from the revenue, scale, and credibility banks provide. For example, Fortinet collaborated with Scottish fintechs which understand the need for updated security measures, to ensure their customers’ data is safe every step of the way.
But big banks are concerned with the cybersecurity (or lack thereof) of many fintechs. This is in part because younger fintech companies typically have fewer human and capital resources to spend on security, let alone address other regulation requirements. More specifically, these security concerns surround application security and cloud use in particular, which are the most important development inflection points demanded by the market.
This is why banks and fintech organisations should seek to integrate traditionally isolated security solutions together, using a common security fabric approach that allows for instant and dynamic communication and collaboration within the security architecture. This will help ease the worries of established financial firms, while plugging any security holes that fintechs might currently have.
Big banks and fintechs each require elements the other can provide in order to successfully meet growing consumer demand for greater access to and management of their finances. But cybersecurity demands need to be met in order to ensure that this is a smooth and safe collaboration. Partnering with cybersecurity specialists can ensure the safety of consumer and company data alike.
As these two sides of the financial services space increasingly partner up, then, cybersecurity – especially application security, cloud security, and automation – will have to become top concerns to maintain data protection and meet compliance requirements.
Paul Anderson is regional director UK & Ireland, Fortinet
This article first appeared in the Vision supplement in the Scotsman – see it in full here.