AFSC 2017: Of Tech, Transparency and Trust
Moving into day two of IDC’s AFSC 2017 event in Singapore, it seemed ironic that the night before, security researchers had discovered a breach of ‘Heartbleed’ proportions. The bug dubbed Cloudbleed because of its similarity to the Heartbleed worm is leaking customer HTTPS sessions from potentially up to 2 million websites.
What makes it more ironic is the theme of the conference – “Trust: redefining partnerships, platforms and customer experience.”
Because, besides the security, privacy and data integrity aspect of the theme, the conference was also a showcase of the many digital business models that have emerged, that are simplifying operations and making life easier for consumers.
There were many impressive examples of technology being put to real-value work.
DBS’ digibank app has gained nearly one million customers in less than 12 months since launch, and it managed all this across 4-6 countries with only 20 people handling operations, no physical branches and without ever having seen any of their customers. New services like soft tokens, chatbots and electronic Know-Your-Customer (e-KYC) are also being introduced into DBS’ core markets and digibank will finally be available to Indonesians this month.
Global banking services provider Citi, uses voice prints to authenticate its customers quickly over the phone, a huge step forward for the customer service industry and foundation-laying for predicting customers’ moods and more accurately anticipating their needs.
ANZ Bank is using cognitive computing in areas like advisory, risk and back office automation, and has reported loan approval times decreasing by 5-percent because of 50-percent increase in automation use.
All this is and much more is possible now thanks to technology, yes.
But flip this thinking to that of a chief security officer and through his or her lens see how cyber attackers could leverage these technologies as vulnerabilities to severely compromise security, privacy and data integrity.
Moving along fine in spite of this
IDC’s Associate VP of IDC Financial Insights Michael Araneta said that in 2018, there would be an average of 18 interaction channels that banks would have to maintain.
There is definitely an upsurge in banking activity as a result of more digital technologies in banking.
In Asia Pacific, seven countries still report over 50-percent of their population have no access to banking facilities, but supporting technologies like next-generation mobile connectivity, biometrics, locational intelligence and multimedia capabilities can effectively address this unbanked segment.
The promise of up to 18 channels being maintained by a bank, also seems to indicate consumer confidence that whoever holds their data will take care of it, thanks in part to privacy laws that have been put in place.
Araneta said, “The issue with security is that there has been an increase in breaches and data cyber fraud. But while this is happening the security capabilities of organisations have also increased – end-point, user behaviour analytics capabilities – tools themselves have become more sophisticated as well.”
An important thing to note however is that there is still the matter of execution and investment capability of banks. Banks, in theory, should be able to block out threats and secure gaps and loopholes, but this may not necessarily be the case, in reality.
The other side of the coin of opportunity
Just as digital technologies is creating business opportunities, it is also multiplying the surface for vulnerabilities and cyberattacks to happen.
But, what is scarier than this exponentially increasing risk, is the ‘illusion’ that we are trying to protect our systems from threats outside the firewall.
IDC’s Vice President of Security Practice Simon Piff pointed out, there is currently too much emphasis upon securing perimeters from outside threats.
“Most organisations (also meaning banks) have already been breached. So, they are protecting, but against what?”
Basically, Piff goes on to say that if banks are not looking internally at existing systems where there is potentially malicious code or actors, then that bank is missing a big chunk of the problem.
“The CISO of a very large company has said, ‘If you are not hunting for threats, you are being hunted.’ In reality, organisations do not have the time, capability or resources to hunt for threats.
“That’s an area that needs to change,” Piff said.
But, there’s more to think about, on the part of not just businesses but also regulators and law-makers.
Piff explained, “We see a lot of news from America and Europe but that’s because there are disclosure laws. There are no disclosure laws in Asia and there’s probably a lot worse things happening here that we don’t know about… and that’s more concerning!”
(This journalist was a guest of IDC’s to Asian Financial Services Congress 2017 in Singapore)