Cyber-security the biggest barrier to fintech and banking sector partnerships in Asia
By Digital News Asia April 13, 2018
- Fintech companies typically have fewer human and capital resources to spend on security
- Should integrate isolated security solutions using a common security fabric approach
FORTINET, a leader in broad, integrated and automated cyber-security solutions, on April 12 called for established financial institutions and their fintech partners to jointly address critical cyber-security needs in order to forge successful collaborations.
The general lack of cyber-security safeguards in fintech companies has raised serious concerns around data protection and compliance, especially with the implementation of the EU’s GDPR in May 2018. The recent spate of global cyber-attacks has also emphasised the need for application security and cloud protection.
“While the majority of banks view these partnerships as necessary, 71% have also expressed concerns with the cyber-risks associated with fintech firms, while 48% cited regulatory risks as deterrence. Fintech companies typically have fewer human and capital resources to spend on security, let alone address other regulation requirements. More specifically, these security concerns especially surround application security and cloud use, which are the most important development inflection points that the market is demanding,” said Fortinet country manager for Malaysia Alex Loh (pic, right).
Fintech companies have been able to innovate at a rapid pace, as they are not bound by legacy IT or, especially, extreme governance. This has allowed them to churn out new products and updates at an increased rate that regulatory bodies have struggled to keep up with.
However, as fintech becomes more ingrained in consumers’ everyday lives, accessing and storing the sensitive personal data that cyber-criminals covet is an increasing challenge, and regulatory crackdowns are inevitable.
Large financial institutions and smaller fintech companies are increasingly leveraging on each other to successfully meet the growing consumer demands in Asia Pacific for greater accessibility and management of their finances.
For established firms, such fintech partnerships will allow for faster innovation, while the value for smaller fintech firms will come from the revenue, scale, and credibility banks provide.
According to market researcher Frost & Sullivan, the Asia Pacific fintech market is witnessing unprecedented growth, driven primarily by digital payments. The Fintech industry in Asia Pacific is expected to reach US$72 billion by 2020, at a compounded annual growth rate (CAGR) of 72.5%.
To remain competitive in the new digital era, Fortinet advises banks and fintech companies to find a way forward that allows for technical innovation and performance without compromising security by focusing on the following key security areas:
Application security: Fintech largely relies on applications that can access users’ financial profiles to perform a variety of real-time transactions. Applications are an increasingly common attack vector, and vulnerable code can be exploited as an entryway into financial networks.
Banks and fintechs need to ensure that a robust application security infrastructure is in place to protect user data. This should include a web application firewall enabled with current threat intelligence to identify and mitigate known and unknown threats, as well as detect and patch vulnerabilities.
Cloud security: Many fintech companies utilise cloud services to provide consistent, scalable performance with lower upfront costs. However, the cloud must be secured differently than a traditional network or data centre, and disparate point solutions often amplify data movement while reducing visibility across these distributed environments.
Banks and fintech firms must ensure that the same security standards they apply to their own networks are applied in the cloud. In addition to detection and prevention, this security must also be dynamically adaptable and scalable to ensure that is can grow seamlessly alongside cloud use.
Additionally, to secure financial data, firms need to implement internal segmentation, along with cloud access security brokers, to improve data visibility while integrating industry security standards.
Automated threat intelligence: An integrated defence needs to be enabled with automated threat intelligence to become a holistic system. As banks and fintech firms enter into partnerships, it will be impossible for IT teams to manually gather and assess all of this threat intelligence in a timely manner. Machine learning will be integral to this process.
Cyber-criminals are already leveraging on automation to make attacks more effective and persistent. Likewise, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real-time, allowing organisations to keep pace with cyber-criminals.
“A successful partnership from both sides of the financial services space is dependent on the other. In fact, data shows that three-quarters of large financial firms recognise the importance of collaboration with fintech firms.
“Moving forward, banks and fintech organisations should seek to integrate traditionally isolated security solutions together using a common security fabric approach. This allows for instant and dynamic communication and collaboration within the security architecture,” added Loh.