Accenture: fintech, cybersecurity and how to manage risk
What is the cybersecurity threat landscape for fintechs in 2020? Accenture’s insight provides some clarity
The pace of digital transformation across the financial landscape continues to quicken.
In such an environment the digital or cyber threat proposition evolves rapidly, making it essential to maintain the highest standards of technology and preparedness, and keep up to date with the impact of cyber trends.
According to Accenture’s 2019 Ninth Annual Cost of Cybercrime report, financial services incurred the highest cybercrime costs among all industries studied in 2018.
In this research, Accenture explains: “As industries evolve and disrupt the current environment, threats are dramatically expanding while becoming more complex. This requires more security innovation to protect company ecosystems. The subsequent cost to our organisations and economies is substantial - and growing.”
Across all industries, Accenture found that information theft is the most expensive and fastest rising consequence of cybercrime. However, it noted that there are several drivers behind the evolving global cybersecurity threat for all sectors:
- Evolving targets: data is no longer the only target, according to Accenture. Rather, companies worldwide are seeing their core systems - control systems and infrastructure - being hacked, which can lead to greater disruption.
- Evolving impact: it’s no longer just about theft. For example, cyberattacks are changing approach from simply stealing data to destroying or altering it to create distrust. Today, data integrity itself is vulnerable.
- Evolving techniques: attack methods are adapting quickly. Accenture found a focus on “the human layer” that targets the weakest link - people - through phishing and malicious insiders.
Fintechs and banking: cybersecurity threat
The largest financial services industry data breach occurred in September 2017 when Equifax, one of the three largest consumer credit reporting agencies, exposed the personal information of 147 million people.
The breach was caused by an unpatched Apache Struts vulnerability - Apache Struts being a framework used in one of the company’s US-based web applications. It saw names, social security numbers, dates of birth and other information disclosed, and resulted in several members of Equifax’s C-suite stepping down.
This was by no means an isolated incident. After Equifax, other significant financial services data breaches have seen as many as 130 million, 90 million and 76 million people and households affected.
In a 10 December blog, Be Safe: Cybercrime in the Financial Services Industry, Accenture defined a cyberattack as “malicious activity conducted against an organisation through the IT infrastructure via the internal or external networks or the internet. Cyberattacks also include attacks against industrial control systems.”
Malicious insider attacks, or threats from inside a company’s firewall, are the most dangerous, it says, costing an average of $243,000 per incident and taking more than 50 days to resolve.
As to why this is concerning for banks and financial services institutions, Accenture found in its research that, in the banking and capital markets, only 18% of Chief Information Security Officers (CISOs) believed their employees to be held responsible for cybersecurity.
Historically, banks and other organisations had one mission: to keep money and information safe from all. Beyond that, says Accenture, additional investment in preventing insiders from accessing data or other information was never prioritised.
Technology vs cyberattack
Innovative and advanced technologies are not being used to their full potential in cybersecurity applications, Accenture finds.
For example, it reports that only one-third of companies are deploying technologies such as machine learning or AI, while only 24% said they were using cyber analytics and user behaviour analysis to their advantage. The latter figure had actually decreased from 31% a year previously.
Accenture calls this trend discouraging, noting that it “suggests financial services firms are struggling to keep up with the rapid pace of new technologies and, as a result, are not making the appropriate investments to increase operations efficiency and reduce risk”.
Because the cyber threat landscape continues to diversify, more focused investment in the right technology can pay dividends.
Accordingly, it set out five key steps for financial services companies to take to begin corrective action:
- Increase defenses against web-based attacks
- Focus on reducing ransomware occurrences
- Invest to prevent disruption to business
- Increase the deployment of technologies that have a high return on investment, such as automation, machine learning and AI
- Manage the use of ‘less effective’ technologies like enterprise governance, advanced perimeter control and the extensive use of data loss prevention
Cybersecurity: man vs machine
Despite malicious insider attacks growing at pace, Accenture reveals in its Cybercrime in Banking and Capital Markets: Technology and Human Vulnerabilities blog that spending on the ‘human layer’ of cybersecurity is insufficient - with only 9% of total budget being spent upon it (network and application layers have the most investment at 37% and 27% respectively).
The largest proportion of investment is being made in security intelligence and threat sharing (79%), although Accenture expects technologies such as AI and machine learning to take precedence in the future due to their delivering the highest cost savings for enterprises.
The blog also calculates that, over the next five years, $347bn of economic value is at risk for the banking sector and $47bn for the capital markets.
This can be prevented by measures such as greater employee education around the threats that exist, a focus on privileged access management to ensure no single employee can compromise security, and the use of technologies such as advanced analytics and automation.
BIS and MAS publish blueprint for cross-border payment idea
The Bank for International Settlements and the Monetary Authority of Singapore (MAS) have published a proposed blueprint for the multilateral linking of domestic real-time payment systems across borders.
The blueprint, titled Project Nexus, outlines how countries can fully integrate their retail payment systems onto a single cross-border network, allowing customers to make cross-border transfers instantly and securely via their mobile phones or internet devices.
The Nexus blueprint was developed through consultation with multiple central banks and financial institutions across the globe. It builds on the bilateral linkage between Singapore's PayNow and Thailand's PromptPay, launched in April 2021, and benefits from the experience of the National Payments Corporation of India's (NPCI) development and operation of the Unified Payments Interface (UPI) system.
The Nexus blueprint comprises two main elements:
- Nexus Gateways, to be developed and implemented by the operators of participating countries' national payment systems, will serve to coordinate compliance, foreign exchange conversion, message translation and the sequencing of payments among all participants. These gateways will be predicated on a common set of technical standards, functionalities and operational guidelines set out within the proposal.
- An overarching Nexus Scheme that sets out the governance framework and rulebook for participating retail payment systems, banks and payment service providers to coordinate and effect cross-border payments through the network.
“To achieve significant cost-reduction in cross-border payment transfers, enhancements must be made on two fronts: direct connectivity between domestic faster payment systems, and frictionless foreign exchange on shared common wholesale settlement infrastructures. The BIS Innovation Hub Singapore Centre is working on both. The Nexus project maps out a much-needed set of standards to achieve seamless cross-border payment systems connectivity,” said Sopnendu Mohanty, Chief FinTech Officer, MAS.
How do cross-border payments work?
Cross-border payments are currency transactions between people or businesses that are in different countries. The sender will choose a front-end provider, such as a bank or a money transfer operator (e.g. Transferwise), to initiate the payment. The receiver then receives the payment via the medium specified by the sender. Traditionally, cross-border payments flow via the correspondent banking network (CBN), which most front-end providers use to settle the payment. In recent years, however, new back-end networks have emerged to optimise cross-border payments, enable interoperability between payment methods and provide senders with more possibilities to reach the receiver.
The increased international mobility of goods, services, capital, and people has contributed to the growing economic importance of cross-border payments. The value of cross-border payments is estimated to increase from almost $150 trillion in 2017 to over $250 trillion by 2027, equating to a rise of over $100 trillion in just 10 years.