The risk is that in the rush to release new applications, security controls are often ignored. In contrast, financial institutions may be more conservative around risk, which could slow their innovation and time to market. Advanced security supports a balance between mitigating risk and driving innovation. Security becomes the fundamental enabler.
Securing financial institutions is a complex task. Financial institutions are a key target for criminals, accounting for over 25% of all global cybercrime attacks, which were estimated to have cost over $400 billion across all sectors last year. And as banks roll out increasing numbers of online services and mobile apps, the number of potential access points and vulnerabilities increases. So it's a perfect storm - banks hold the money, and they have a large exposure area. In addition, more than half of fraud incidents within financial institutions involve insiders, further complicating the environment.
South Africa is not immune to cyber threats. In fact, African financial institutions are among the top targets for cyber criminals in the world. South African banks and financial institutions deal with literally millions of threats: a myriad of security alerts and scores of incidents of fraud - some involving millions - every day. They are well aware of the risks and put in place layers of security to mitigate risk. However, they face serious challenges in terms of the resources they have available to monitor and manage all these threats and prioritise alerts.
Large enterprises in South Africa, including financial institutions, typically have hundreds to thousands of applications running all of which need constant managing, patching and updating. In addition, thousands of security alerts may be demanding attention. Staying on top of this situation is a huge challenge and the teams managing the environment are often under-resourced or under skilled. In effect, they are fighting an ongoing fire and having to guess at which components should be prioritised.
Global security player, IBM, has a security framework that addresses all of the key security concerns for large enterprises and financial institutions. A key component of the solutions set is X-Force Exchange, IBM's threat intelligence-sharing platform. "The fact that we have over 6,000 highly skilled research engineers scanning the globe to understand cyber threat dynamics, and that IBM monitors around two billion incidents a day, provides an indication of the scale of the risk environment today.
To mitigate risk, South African financial institutions need to take a multi-layered, integrated and data-driven approach to security in order to cope with the growing onslaught of threats. Effective security begins with a foundation partner to take care of the fundamentals you need. It must be a multi-faceted solution that addresses people security, infrastructure security and network security in an integrated way. There must be the ability to correlate chains of events and intelligently analyse the data emerging from layers of security.
The efficiency of a security ecosystem depends on the organisation's ability to sift through millions of alerts, understand what they mean and respond appropriately. X-Force Exchange has a view of all events on a global basis, the logic of how they occur together and in sequence, thus enabling us to build a logic chain of how an event occurs. This level of insight is crucial in helping organisations understand attack modus operandi and so prioritise security responses.
With the right levels of security in place, financial institutions are positioned to benefit from disruptive technologies such as cloud and mobile, and they gain the ability to go to market faster with innovations. Today, security plays a dual role in innovation, where security concerns might be an inhibitor. But on the other hand, security is also the enabler.
Banks in South Africa are increasingly looking to cloud services and mobile applications to empower their workforces and improve the customer experience. But the most crucial question around cloud, online services and mobile applications is - is it secure? Financial institutions that can guarantee the security of innovative new tools will have the competitive edge in the market.
