Cybercrime is a major threat to the burgeoning financial technology industry, according to a new consortium created by the World Economic Forum (WEF).
In a newly published whitepaper, it calls for increased cooperation across public and private sectors to help organisations address evolving security challenges.
Technologies such as AI, biometrics, blockchain and open APIs are creating new opportunities for organisations across the financial services industry to improve customer experience, drive operational efficiencies and gain a competitive advantage. In being quick to embrace rapid digitisation, however, organisations may be leaving themselves unduly exposed to cyber security risks.
“The digital revolution impacting so many industries is reshaping how people all over the world shop, bank and invest. As the payment environment grows ever more complex and interconnected, security and trust are more important than ever.”
Ellen Richey, WEF Steering Committee
Maintaining secure and trusted financial services
To help tackle the growing cyber threat, the WEF consortium recommends 19 solutions that fintech organisations should introduce to protect themselves and the wider financial community.
These solutions are split across nine solution categories:
- System architecture redesign
- Regulation of innovation process
- Technical investment and transparency
- Data management improvements
- Containment and recovery procedures
- Threat information sharing
- Collaborative industry capabilities
- Contingent recovery arrangements
- Central industry utilities
Key WEF security recommendations
In its whitepaper ‘Innovation-Driven Cyber-Risk to Customer Data in Financial Services’, the World Economic Forum committee advises financial services organisations to improve cyber security by:
1. Practising privacy by design
In striving to be first to market with new products and services, financial services organisations can end up treating cybersecurity as an afterthought. The committee wants all fintech firms, especially new market entrants, to recognise the dangers of prioritising ease of use and accessibility, and to consider cybersecurity from the design stage.
2. Understanding how data is processed
The report's key recommendations for improving information transparency are that fintech organisations understand the source and flow of data, as well as how it is consented and classified.
3. Improving employee and customer education
Humans are commonly cited as the weakest link in the cyber security chain. The WEF whitepaper recommends that fintech organisations set up dedicated awareness and training programmes to encourage employees and customers to practise responsible data security.
4. Implementing breach response procedures
To minimise the severity of attacks, it’s recommended that firms have procedures and ‘playbooks’ in place to clearly outline incident response actions in a variety of breach scenarios.
5. Conducting regular security assessments
The evolving threat landscape means that many companies are not aware of weaknesses in their IT infrastructure. To help mitigate this risk, fintech companies are advised to frequently assess their systems and defences, as well as collaborate with peers to ensure that security information is shared widely.
6. Adopting cyber risk metrics
To help business leaders better understand their organisation’s security posture, the WEF committee report recommends the development and industry-wide adoption of standardised measures for quantifying cyber risk.
N.B. While the WEF consortium believes that all the controls outlined in its whitepaper are important ways to help fintech firms reduce cyber risk, it suggests prioritising the introduction of cyber risk measurement and cyber security assessment. Included among its proposals is a joint industry venture designed to define key metrics and leverage control frameworks such as NIST.
How to address the WEF recommendations
As a leading provider of managed security services, Redscan has extensive experience helping organisations across the financial services sector meet strict data security requirements. Our offensive security experts are among the most qualified in the industry, working as an extension of clients’ in-house teams to deliver a wide range of solutions designed to prevent, detect and respond to threats. This includes CREST accredited Penetration Testing, Data Readiness Assessments and Managed Detection and Response.