
Exclusive: The evolving security needs of the banking and finance industry


Richard Huison and Steve Natton of Gallagher assess how financial organisations are keeping up with the changing digital landscape.

The banking and financial industry has undergone significant changes in recent years. This change is highlighted by the closing down of High Street banks, the reduction in opening hours and the decreasing number of staff available to assist in branches. Not only have banks transitioned to online banking as their primary offering, but various fintechs have embraced the digital world, offering an alternative to traditional financial infrastructures. As explained by Forbes, “Neobanks, sometimes referred to as ‘challenger banks’, are fintech firms that offer apps, software and other technologies to streamline mobile and online banking.” They are “digital first – often, digital only – banking platforms that promise seamless online experiences.”

Gallagher’s Regional General Manager for UK and Europe, Richard Huison, along with Strategic Business Development Manager, Steve Natton, discuss how banking and financial organisations are evolving their security to keep up with this changing digital landscape.

Evolution of the industry

In recent years, many British banks have adopted new approaches to their high street presence as the cashless preference of today’s society has caused a reduction in footfall. The consumer group Which? found that more than a third of the UK’s bank branches closed between January 2015 and August 2019, while many that remain open have reduced their operating hours.

If you divide banking into different perspectives, retail banking deals directly with retail customers, i.e. the public, whereas corporate banking deals with corporate customers, i.e. businesses and organisations that require services for companies rather than individuals.

“As part of corporate banking, you also have investment banks, which are financial services companies that act as an intermediary in large and complex financial transactions,” says Richard Huison, Regional General Manager for UK/Europe.

“It’s clear that retail banking has rapidly moved towards an online environment and therefore needs the right measures in place when it comes to online and mobile banking security. If you consider the investment banks, although there isn’t physical cash held on premise, there are large numbers of financial transactions going through those environments and that kind of financial movement comes with a considerable amount of risk.”

Importance of cybersecurity

Many aspects of the banking and financial sector have been digitalised and while digitalisation offers undeniable benefits, it also increases the need for security, especially cybersecurity.

“If you consider the fact banking and financial organisations have an increasing number of devices that are interconnected and communicating via the Internet, along with the large amounts of data these organisations possess, it’s clear they must protect themselves from cyberattacks,” says Richard.

“Arguably the main concern is no longer that someone could break into these organisations and gain unauthorised access – but that a hacker could take control of an Internet-connected device or use a disparate system to intercept or hack the main system.

“At Gallagher, we have a large number of customers in the banking and financial sector. They choose us because our solutions are designed from inception to be as cyber secure as possible. We continuously evolve our solutions to meet the changing threat at a software and physical level, building in robust cybersecurity at every stage,” explains Richard.

Banks are an attractive target for cybercriminals interested in large-scale theft or sophisticated attacks that disrupt operations. Companies within the investment banking industry have a range of appealing targets, such as payment systems or data on high-net-worth clients. Therefore, cyber-attacks may have several purposes, including stealing money and/or data, extorting ransoms, disrupting business continuity and damaging an organisation’s reputation.

“When you think about the consequences of a data breach within a banking or financial organisation – in financial, regulatory and reputational terms – it is going to be detrimental,” adds Steve Natton, Strategic Business Development Manager for Gallagher. “So, in addition to the physical security measures Gallagher provides, protecting data is one of the key things we do through our end-to-end encryption and user authentication.”

Compliance is everything

While banking and financial institutions have a responsibility to keep people safe and protect assets and data – they must also ensure they are complying with national regulations. As explained by Global Legal Insights: “There are two key regulators in the UK. The Prudential Regulation Authority (PRA) is responsible for the financial safety and soundness of banks, while the Financial Conduct Authority (FCA) is responsible for how banks treat their clients and behave in financial markets.”

“While access control is essential for ensuring operational continuity and avoiding significant costs by protecting a site’s assets from theft and damage, it’s also crucial for ensuring an organisation meets compliance and competencies,” says Richard. “You can implement, enforce and report on business policies and processes at every point using physical security infrastructure and Gallagher’s Command Centre software.”

Financial markets need to be honest, fair and effective, so that consumers get a fair deal. Organisations can effectively manage compliance with business policies, as well as a range of standards and regulations, through Gallagher’s Command Centre. Additionally, organisations can ensure individuals accessing their site have the required clearances, credentials, inductions, permits, licenses and other competencies.

“Business integration between Command Centre and the company’s HR system creates a single source of truth when managing data, ensuring competency-based access control decisions can be made using correct, regularly updated information,” says Richard. “Then from an auditing perspective, the flexible, powerful reporting capabilities of Command Centre help you easily produce information to demonstrate compliance with regulations and requirements.”

Future of security

While there are many cybersecurity threats organisations must mitigate, combating physical threats is still important. Just like the banking and finance industry, security technology is evolving rapidly. To stay ahead of the game and meet changing needs, security solutions must be adaptable, intuitive and, importantly, mobile.

Double down on authentication

“One of the most effective ways of keeping access to your environment secure is adding another layer of authentication in addition to access credentials,” explains Steve. “There are three authentication factors: something the user knows, something they have, or something they are.”

Better security comes from using at least two different factors of authentication, and this is nothing new for banks. For example, if a customer wants to withdraw money from an ATM, they require a card (something they have) and a PIN (something they know).

“When we look at the banking and financial industry in general, we are seeing more organisations utilise two-factor authentication for a range of reasons, including IT systems and staff logins to internal portals. This only emphasises the importance of enforcing two-factor authentication for access credentials,” explains Steve.

The Gallagher Mobile Connect App enables users to use their mobile device just like an access or ID card. Then with optional two-factor authentication, an additional security step is required to gain access (either a fingerprint, PIN, or Face ID).

“Two other ways mobile technology helps increase the layers of an organisation’s security are the inability to clone the physical card and the protection against card sharing within an organisation – as a staff member is less likely to give their phone, compared to an access card, to someone else to use,” adds Steve.

Efficient communication

In today’s increasingly connected world, news is instantly shared via news websites and social media as it happens. An organisation at the heart of that news needs to be able to communicate important information instantly with staff, especially in emergency situations.

“Broadcast Notifications can be sent via the Gallagher Mobile Connect App to provide a trusted source of legitimate information. This is more and more important among the increasing amounts of text message and email spam,” explains Steve.

As a secure communication channel, the app also protects against the threat of hoax or malicious text messages designed to disrupt operations or, in a worst-case scenario, harm people.

Convenient credential management

“If you think about a nationwide bank, they typically have many branches across the country, but will issue access credentials from a central location, such as a Head Office,” explains Steve. “So, when a new staff member joins the business, they will be issued a credential from a central location, which will then have to be shipped across the country.

“Whereas mobile credentials can be issued from a central location straight to the new employee’s mobile device, making mobile credentials more efficient from a total cost of ownership perspective and much safer from a handling point of view,” adds Steve.

Meeting changing needs

As technology changes the world we live in at an increasingly rapid rate, the banking and financial world continues to look to leading security manufacturers for solutions that suit their new ways of working. With so much at stake, it’s little wonder we’re seeing cybersecurity and mobile technology take centre stage for the banking and financial sector.

For more information, visit: security.gallagher.com

This article was originally published in the November edition of Security Journal UK. To get your FREE digital copy, visit: digital.securityjournaluk.com