As customers demand 24/7 digital access to banking in the post-pandemic reality, fraud and security breaches have also become top of mind in this interconnected environment and banks must do more in the face of growing security complexity, says technology company IBM South Africa GM and Technology Leader Ria Pinto.
The firm said that for the Financial Services industry, the pandemic outbreak was a moment of reckoning for security and fraud prevention programs and today, it has never been more important to combine data across security functions, to predict and respond proactively and make well-informed risk decisions that drive business performance.
It said that with society leaning more heavily on digital interactions during this pandemic, they saw new financial business models gain industry momentum along with the accelerated adoption of digital processes with anything from customer onboarding, to authentication, secure transaction authorisation, and verification processes. All of which have had to take place without service providers ever meeting a customer or seeing a tangible piece of ID.
This was as data breaches now cost South African companies R46 million on average, hence financial services institutions were finding they needed to do more to help protect sensitive data entrusted to them by employees and consumers.
Pinto said that for financial services organisations, cybersecurity demands were about to increase drastically in this sector.
“The once “connoisseurs” of security controls will soon be faced with an urgency to redesign and recreate a whole new security construct to secure their environments and customers. This is the case for banks that are seeing the era of the Digital Native come into full swing and have to adapt quickly.”
She warned that lying ahead for banks was a “faceless” threat, which the current security constructs would need to adapt to.
“Digital Natives are the next generation customer profile that is already beginning to shape the future of the financial industry. Their demand for speedy, frictionless, and fully digital experiences are augmenting the industry’s investment into hybrid cloud, AI, and modernisation. But banks will need to understand a truly unique characteristic of the digital native customer: it is largely someone that they don’t know, nor will they ever physically meet.”
The general manager said with a growing number of customers seeking online banks that were nimbler and more cost-effective, this push was thrusting the industry into challenging security territories.
“The risk scale will begin increasing many-fold as more customers begin to flow in from anywhere, unlimited by physical locations, and using a variety of devices to access their banking vendors’ services.”
IBM South Africa said AI would increasingly be used for the identification, mitigation and resolution of cyberattacks, especially the most common breaches, allowing expert talent to focus their attention on the most complex and serious attacks.
“The reality for most organisations is that the most successful cyberattacks are the ones you don't even know are occurring-making a zero-trust security architecture which permeates every business environment at all times essential,” Pinto said.
She said that while banks were now turning to the power of hybrid cloud and the rise of specialised clouds to deal with the stringent regulatory and compliance requirements–complexities continued to grow.
“The many variables that digital native customers introduce to financial services environments and the expanded relationships that standalone digital banks rely on are adding to a growing attack surface.”
Pinto said of the companies they studied, those that adopted a zero trust security approach were better positioned to deal with attacks and data breaches. “South African organisations with a mature zero trust strategy had an average data breach cost of R29 million – which was R25 million lower than those who had not deployed this approach at all.”
IBM South Africa said it was essential that banks design a strategy on the assumption of compromise.
“By operating with the notion that an environment is exposed by default, and an adversary has already exploited that exposure to compromise a financial services network, the business is more readily prepared to scrutinise its trusted relationships.”
BUSINESS REPORT