We live in a rapidly changing and complex world, technology wise, and nowhere is that more apparent than in financial services. If you just look at what is happening in the stocks and shares market, you will see trading platforms where, as an investor, you can now hire a portfolio manager who is a non-human – a fully IT autonomous system, which will make investment choices for you, based upon machine learning. But how much are people willing to trust such systems, knowing that incidents have happened where hundreds of millions of dollars have been lost through what has been disarmingly termed “system glitches”.
So where will banking go in the future? Most certainly, it will be analytics driven, because that is the most economical and, in some ways, the only path to take. And while it is true that many financial institutions are investing to avoid a repeat of past calamities when the banks were hit so deeply, they are still not at an optimal level of maturity, because of all the legacy issues they have to deal with. Their ability to progress quickly is also limited by the constraints they are under around existing compliance mandates and doubts over the impacts of future regulation.
Many banks are also nervous about moving to cloud-based security, as their natural instinct is to keep everything in-house. Yet simply buying more technology does not necessarily mean your business is going to get any better at cyber security, especially the elements of detection or response, unless you have the right business processes to tie that together. Unfortunately, many organisations still believe that by buying the latest shiny widget, they will be cyber secure – but that is a fallacy. Around your technology you need to build an integrated, single strategy that includes the people, especially those who are typically non-technical business, as well as the processes.
That means the banks will have to evolve in the future, if they are to take advantage of the benefits, by embracing the technology that provide the highest levels of customer, and ultimately shareholder, whilst including security (by design) that enables the business, not restricts it. More than that, they need to move to a more balanced resilience approach. Indeed, some already have quite well developed Security Operations Centres (SOCs), but are investing in advanced machine learning and threat actor analysis, in order to understand where the risks are in real time and who is targeting them. This is the future for cyber security.
Ultimately, and often this is where many big banks still fall short, you need to have a truly integrated approach that moves the maturity & posture of the organisation forward, while effectively delivering strong cyber risk management in line with business value. By availing themselves of analytics for better insight consumer engagement and cyber threat intelligence, they are moving firmly in the right direction. Conversely, failure to implement a holistic strategy will ensure the business is left vulnerable.
The real bottom line is that you have to have a global view of the threat landscape and that means knowing what is happening outside your own walls and beyond the enterprise data you actually own. With the right partner in a close alliance, that goal is there to be realised.
