
Security Is Mission Critical For FinTech Resilience

Financial services organisations are facing a variety of challenges, from increasing the pace of innovation to meet customer needs in a rapidly digitising world, to maintaining high levels of security — all while sustaining regulatory compliance with new and emerging requirements. As digital becomes the primary channel for global enterprises, resilience, and in particular broad operational resilience (1), has become a top priority.

The traditional definition of resilience can be explained as “the ability to deliver operations, including critical operations and core business lines, through a disruption from any hazard.”(2) Under this thinking, organisations must think of operational resilience not as a singular activity, but as a desired outcome that should address various operational risks of a geopolitical, technological and environmental nature. The same is true for cybersecurity. Due to rising threats, cybersecurity is a critical area of focus for resilience planning, as business operations and end-users can be impacted during a cyberattack, leading to service disruptions or financial impacts.

Global regulators and policymakers have long recognised the importance of operational resilience. The Australian Prudential Regulation Authority (APRA) maintains several papers and standards(3) relevant to operational resilience, including how regulated entities like financial services organisations can withstand potential business disruptions or shocks should a cyberattack or natural disaster occur. 

Leading FSI organisations are constantly reexamining their security and resilience measures in the face of this relentless risk landscape. Keeping pace with these challenges and balancing innovation with shifting security and resilience needs is difficult. At the same time, the operational risk of cybersecurity is increasing as cybercriminals evolve their methods. For example, the Australian Cyber Security Centre(4) recorded a 15 per cent rise in ransomware attacks and cybercrime, costing Australian businesses and individuals AUD 33 billion from July 2020 to June 2021. 

Here are some strategies to consider for strengthening resilience through the effective management of operational risks like cybersecurity:

Migrate to the cloud for robust security measures at scale

A recent survey(5) conducted by Google Cloud and Harris Poll found that 88 per cent of FSIs agreed cloud adoption can enhance data security capabilities. This is in large part because a well-executed migration to the cloud can provide a more secure, and therefore more resilient, foundation on which to build and scale applications and businesses. Cloud service providers invest in modern and scalable approaches to security that are beyond the technical and commercial means of most FSIs, and as such, by migrating to the cloud, these institutions can benefit immensely from a reduction in cybersecurity risk.

Cloud ‘megatrends’(6) like the economy of scale are part of what helps drive these benefits as more financial institutions rely on cloud-powered tools for both innovation and risk management. The pace of these security enhancements happening in the cloud and the extent of the advanced security features cloud providers are able to deliver in products consistently provides a level of security and resilience that few organisations can achieve managing their own on-premise data centres or infrastructure. 

Adopt a “Zero Trust” approach to secure end-user access and production services

One of the most commonly used and misunderstood concepts in cybersecurity today is the phrase “Zero Trust”. At its core, a Zero Trust approach centres around the idea that implicit trust in any single component of a complex, interconnected system can create significant security risks. Instead, trust needs to be established via multiple mechanisms and continuously verified. 

Implementing a Zero Trust architecture, instead of relying solely on perimeter defences such as firewalls, isolation or antivirus solutions, is a necessary step in modernising an organisation's methods of data protection.

With the proliferation of hybrid work models, bring-your-own-devices, and diverse and interconnected systems, remote employees need to be able to work from untrusted networks without the use of a Virtual Private Network (VPN). By shifting access controls from the network perimeter to individual users, Zero Trust solutions like BeyondCorp Enterprise can deliver user and device-based authentication and authorisation to eliminate classes of threats and help organisations safeguard their corporate resources.

And while end-user access is most commonly associated with a Zero Trust approach, it's also critical to apply these principles to other domains, such as how organisations secure their workloads on cloud-native infrastructure. Adopting a holistic Zero Trust architecture for software production and user access is key to ensuring an FSI's agility, flexibility, security and resilience are more in balance than they could be previously.

Improve financial risk management programs with the cloud

Financial risk modelling requires substantial compute resources and infrastructure that can be costly and cumbersome for FSIs to have on-premise. Purpose-built cloud technology can deliver fast, secure, scalable data processing services to help FSIs calculate enterprise-level risk workloads as necessary while reducing the time needed to generate reports. By harnessing this scale and speed of high-performance computing (HPC), financial institutions can calculate, simulate and respond to risk, in real time or on demand, without the need for expensive server farms. These operational gains of cloud-enabled risk management can help improve FSI agility, productivity, regulatory compliance and overall resilience.

The financial sector is poised for growth with innovative cloud technologies, which are changing the way FSIs achieve operational resilience. With the expectation that the threat environment will continue to evolve, financial services organisations must be prepared and explore new ways to strengthen their security and resilience for long-term success with the cloud.

 

(1) “Strengthening Operational Resilience in Financial Services by Migrating to Google Cloud”, Nick Godfrey, Dave Hannigan, David Knott, John Abel, Google Cybersecurity Action Team

(2) “Sound Practices to Strengthen Operational Resilience”, FRB, OCC, FDIC

(3) “COVID-19: A real-world test of operational resilience”, Australian Prudential Regulation Authority

(4) “ACSC Annual Cyber Threat Report 2020-21”, Australian Cyber Security Centre

(5) “Google Cloud study: Cloud adoption increasing in financial services, but regulatory hurdles remain”, Zac Maufe, Managing Director, Google Cloud, Financial Services

(6) “Megatrends drive cloud adoption—and improve security for all”, Phil Venables, VP/CISO, Google Cloud

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
