Banking's Digital Future Raises Security Concerns - Security Boulevard

Banking’s Digital Future Raises Security Concerns

As the global financial services industry undergoes a seismic shift, disruption is prompting the industry to replace traditional practices, with emphasis on the inevitable digital future banks will have to embrace.

In a report from Deloitte, nearly three-quarters (73%) of respondents said they fear their organizations would lose competitive advantage if they fail to adopt blockchain and digital assets.

However, even as new payment options represent a “very important” role for digital assets in their organizations, there are a multitude of cybersecurity issues looming unresolved on the horizon.

Unresolved Security Issues on the Horizon

According to the survey, cybersecurity issues are among the leading barriers to acceptance of digital assets, cited by 71% of survey respondents, while nearly 70% of survey respondents identified data security regulation as being most in need of modification.

“These findings suggest that even the most dedicated believers in digital assets have legitimate security concerns,” the report noted. “It is perhaps unsurprising that respondents identify data security and privacy as the regulatory domain most in need of modification.”

Overall, nearly 80% of overall respondents said that digital assets will be very or somewhat important to their respective industries in the next 24 months. When it comes to blockchain use cases, security information was the most cited use case for the technology.

Mark Kedgley, chief technology officer at New Net Technologies (NNT), pointed out that one of the reasons why there may be security concerns is that blockchain is still a relatively new innovation to an industry where the banks are used to controlling everything and writing their own rules.

“Now, they are being rushed into adoption to avoid being left behind, and good security practices don’t ever jive with doing things hastily,” he said. “Blockchain provides a new and inherently secure interchange technology, so it potentially delivers at least one secure component to the new banking landscape.”

However, he noted that cybersecurity challenges will still exist in the new world, with foundational security best practices such as change control and vulnerability management still being essential.

Indeed, the report pointed out that to ensure robust operational preferences, the custody of digital assets would require a new kind of technical infrastructure as well as new processes and procedures.

Is There a Future for Blockchain in Banking?

John Bambenek, threat intelligence advisor at Netenrich, a digital IT and security operations company, was of the opinion that blockchain would provide no long-term role for financial services industries.

“With the inherent volatility in digital currencies combined with a history of significant losses both to individuals and exchanges due to digital currency theft, the primary cybersecurity concern is showing the money stays where it belongs and it’s not easily and trivially stolen,” he said.

Bambeck said ultimately, financial services companies are beasts of risk management.

“There remain significant unanswered questions about the risk of asset volatility, who is liable for fraud losses or even the ongoing regulatory landscape,” he pointed out. “The reality is, digital assets cannot be regulated the same way as banking transactions are today.”

This means existing regulations don’t work or are too cumbersome to operate in this landscape.

“However, there still remains the large need to address money laundering, cybercrime and legitimate government interests when it comes to the transfer of funds,” he said.

Hank Schless, senior manager of security solutions at Lookout, pointed to other risks facing the financial industry in the age of digitalization, noting that the company’s own data indicates that globally, across all industries, almost 45% of consumers were exposed to a phishing link on their mobile device.

“Our data also shows that more than a fifth of consumer banking customers encountered a banking Trojan on their mobile device,” he said. “Attackers will frequently use phishing links as a vehicle to deliver malware that can live on the device for a longer period of time and continuously exfiltrate data from the device.”

The risks aren’t just limited to consumers, however, with Schless noting that, in the first quarter of 2021, 23% of financial services employees were exposed to a mobile phishing attempt—almost the same as in the first quarter of 2020, when the exposure rate was 26%.

“This shows that threat actors are taking advantage of the tail end of the pandemic in the same way they took advantage of the uncertainty at the start of it,” he said.

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.

nathan-eddy has 56 posts and counting.See all posts by nathan-eddy