Todd Schoeman, BT Client Business Director in South Africa, explains how ecosystem thinking can help financial services firms keep themselves and their customers safe in a rapidly evolving cyberthreat landscape.
Financial services firms face a global threat environment that is constantly evolving as new technologies, adversaries, and criminal techniques emerge weekly. With more and greater digital risks at play than ever in history, and increased regulations being introduced in response, staying ahead will require organisations to draw on critical partnerships. These will aim to blend the latest in security technologies to keep their people and customers secure while simultaneously keeping the company compliant.
As digital threats proliferate, malicious actors become more sophisticated and organised, and regulations tighten, the best defence will be a multi-layered, fully integrated approach to fraud and digital risk. We call it ecosystem thinking.
Ecosystem thinking enables fraud and risk to be tackled across the whole organisation. Instead of a fragmented focus on specific parts of the puzzle and multiple in-country point products as a response, ecosystem thinking allows for a consistent, end-to-end, global solution to be built that brings partners together to stay ahead of the threat.
The financial services risk environment, though sprawling and complex, can be split into three primary arenas:
#1 Consumer fraud
This is a high-profile fraud risk for financial services organisations: 61% of fraud losses involve the contact centre, and the risk is exacerbated by both the increase in work-from-home practices and the use of online and over-the-phone contact centres. Fraudsters are also using more sophisticated tactics, from ‘deepfake’ identities to intelligent malware that adapts to its environment to evade detection. Research shows that 1.5bn minutes are wasted per year going through the authentication process – so there’s work left to do to create a seamless customer experience.
#2 Employee fraud
Insider threats are difficult to manage and are unique in both impact and scale. The proliferation of connected devices and a burgeoning ‘work from anywhere’ culture are radically changing the way organisations assess and monitor these risks. The challenge is how to introduce robust privilege management and role-based controls such as multi-factor authentication (MFA) and Zero Trust security models, without preventing legitimate actors, such as employees and third-party contractors, from doing their jobs.
#3 Cyber risk
This is the top non-financial operational risk category in banking. Most banking losses are cyber- or tech-related, and the sources range from phishing scams and amateur scammers (who use existing code to commit cybercrime) to nation-state hackers. Quantifying these threats is part of the problem: calculating the risk of cyber exposure in monetary terms is exceptionally difficult. Current ‘risk matrices’ often use ordinal scoring (low, medium, high) rather than quantitative, statistical methods, or they focus on specific controls instead of the organisation holistically.
Only 36% of executives strongly agree that their current cyber risk processes enable them to securely achieve their business objectives. Ecosystem thinking changes the blueprint for financial services organisations looking to expand their fraud and security strategy. It tackles consumer fraud with layered authentication that protects customers by providing real-time call validation technology along with voice biometrics in the contact centre, which helps reduce agent handling time.
When it comes to employee fraud, every process, application, and area of infrastructure must rely on the protection of core assets, even from the company’s own employees. A comprehensive set of controls to support the Zero Trust journey, layered with market-leading identity management tools, will protect those core assets without compromising productivity or user journeys for team members.
The next layers in the ecosystem go beyond identifying and responding to ongoing attacks by anticipating them and then quantifying the degree of risk. Minimising cyber risk is an informed business decision, so it’s vital for firms to objectively quantify risk and predict cyber breaches using data science principles rather than nebulous scales and expert opinion.
For financial services organisations to become resilient to fraud and cybercrime, it is critical to partner with leading and trusted solutions providers who can knit together multiple layers of security to minimise the holes in their defences. With the right partner, it becomes possible to manage fraud and risk across the entire organisation, leveraging the most up-to-date thinking and technology through a single point of access.