Are Your Bank’s Leaders Fighting the Last War?
In the past, financial crises were caused by a small number of factors. When depositors lose faith in a bank, they pull their money out. High inflation causes people to lose trust in currency itself. In other cases, irrational hope drives prices higher and higher, such as the myth of eternally rising home prices in the 2000s. Over time, deposit insurance, regulation, and other mechanisms have developed to limit these risks. Unfortunately, one major risk remains that could be the cause of the next financial crisis: cybersecurity failure.
As more financial activity moves to the online world, banks have become major targets. Robbing a bank no longer requires guns, hostages, and a willingness to risk one’s life. There are websites on the “dark web” where one can hire “hackers for hire” or “crime as a service” companies. With trillions of dollars of assets under their protection, banks are a major target. That’s why financial companies are scrambling to invest heavily in improving their cybersecurity defenses.
Major Issues in the Banking Industry: Cybersecurity, Fin-Tech and Customer Expectations
What issues are keeping bank managers up at night? Technology concerns are at the core of today’s burning issues in banking. Here are some of the issues, according to research from consulting firm PwC.
- Financial losses from cybersecurity incidents. As the old saying goes, robbers target banks because that’s where the money is! KPMG research identified over $100 million in losses to cybersecurity incidents in recent years. The true losses from cybersecurity failures are likely much higher because many incidents are not publicly reported.
- Increased competition from Fin Tech (“Financial Technology”) companies. For years, banks could count on making money from payments. The rise of PayPal, Apple Pay, and other firms throws that assumption into doubt. New players are also becoming active in lending, investing, and other categories. 82% of banking and capital markets CEOs see challenges in maintaining trust in a digitized world, according to PwC research.
- Consumers have higher digital expectations. Customer service expectations are shaped by Amazon, Apple, and Google. That means customers will have little patience for filling in paper forms and waiting days for a response from their banker. Meeting this demand for digital services is pushing banks to invest heavily in new technology. For example, using Amazon Alexa — a voice activated assistant — you can carry out banking activities at Capital One and other banks.
As banks explore artificial intelligence, cryptocurrency, and other innovations to grow, cybersecurity will only increase in importance. To address this challenge, evaluate your cybersecurity program holistically.
People, Process, and Technology: Ingredients for Effective Bank Cybersecurity
If you view cybersecurity mainly as a technology problem, you are more likely to make mistakes. In fact, effective cybersecurity requires people, technology, and processes to work smoothly together. If you have strong technology and no training, your staff are more likely to fall victim to “social engineering.” Weak technology, on the other hand, will leave your employees overwhelmed as a huge volume of attacks occur. Strong identity management requires all three elements: people, process, and technology. As you consider solutions, evaluate how each vendor would work in your environment.
Selecting an Identity Management Solution for a Bank: Technology Considerations
A full technology evaluation goes beyond the scope of this article. Use these questions to start the process of building your technology criteria.
- Compatibility with highly sensitive systems. Depending on your budget, you may not be able to apply full identity management to every system. Therefore, focus your efforts on which systems are critically important. For example, you may want to focus on payment systems if your bank focuses on payment services.
- Compatibility with Microsoft services. Many of the world’s largest banks depend on Microsoft technology for servers, email, and more. If that is your environment, question the vendor about which Microsoft products are supported.
- Integration with human resources systems. If your identity management solution does not talk to HR systems, managers will have more manual work to stay current. Identify your major HR systems first and evaluate whether the identity solution is compatible.
Selecting an Identity Management Solution for a Bank: Process Factors
There are several ways to look at process factors when it comes to identity management. To guide your brainstorming, use these idea starters:
- Segregation of Duties. For identity management to succeed, independence is critical. Otherwise, you could end up in a situation where users can approve their own access! Evaluating potential identity management solutions on this point is crucial.
- Delegation Support. What happens when a key manager or executive goes on vacation? Setting up an email auto-reply is not going to cut it. You need a process where identity management authority (e.g. approving access changes) can be delegated to another user.
- Audit Support. The ability to produce, retain, and fulfill audit expectations is crucial in the banking world. Look for an identity management solution that includes robust audit support.
Selecting an Identity Management Solution for a Bank: Support Your People
If you are implementing a new identity management program, supporting your people through that transition makes all the difference. An identity management vendor can support this process. Look for resources such as quality and quantity of training materials (e.g. video demonstrations and help articles) and ongoing support. The ability to pick up the phone and get support from your vendor matters when you face a crisis.
Make Sure You Consult the Right People Before You Select a Vendor
Today’s banks are complex organizations with many specialized stakeholders. Take internal audit for example. To win their support, read our article Will Your Vendor Selection Process Stand Up To Audit?. With a technical stakeholder, you may want to highlight recent news events such as the biggest security breaches of 2017.
Sources
Amazon Alexa can now pay your Capital One bill (Techcrunch)
Key findings from the banking and capital markets industry: 20th CEO Survey (PwC)
Cyber security is the most prevalent IT risk for banks (KPMG)