The region has witnessed a paradigm shift in the way financial services are delivered and consumed – with the emergence of digital banks gaining momentum. These tech-savvy institutions are not merely disrupting the industry, but are also driving a transformation in the banking sector by revolutionising customer experiences and introducing innovative solutions that meet the evolving demands of customers today.
As these financial players who are purely digital, gain momentum, incumbents find themselves at a crossroads. While pressured to embark on a digitalisation journey to remain competitive, this necessary transition also exposes them to a host of problems.
As financial services institutions (FSI) transition from on-premise managed systems and networks to hybrid models, their threat boundaries will extend beyond centralised data and network operating models. With artificial intelligence (AI) now entering the mix as a catalyst, not having the digital systems in place to embrace AI will leave incumbents even further behind digital banks. Moreover, they will have to grapple with the complexities of adopting new technologies to streamline operations and optimise decision-making, as well as the escalating threats from operating online more than ever.
Singapore, in its role as a financial hub, is not immune to these cyber threats. While a majority of attacks have been focused on the end-user – with Singapore’s FSI industry as the leading target of phishing attacks in 2022 – financial institutions too will continue to face an onslaught of attacks as cyber attackers vie to find any loopholes to exploit.
Against this backdrop, the focus is shifting from whether an FSI has experienced a breach to how well-prepared it is to confront an inevitable cyberattack.
Steeper competition, newer technology, more threats
See also: Alibaba anoints new chief in revamp of stalling commerce arm
With digital banks making real-time transactions and instantaneous access to banking solutions an industry standard, FSIs need to speed up their digital transformation initiatives to preserve long-term customer trust and satisfaction. With AI now in the mix, this will only further increase the urgency at which FSIs need to up the ante on their digitalisation initiatives.
For instance, the accessibility and convenience of easy-to use mobile banking applications have led to a surge in its adoption, with customers now demanding more personalised services. While these advancements bring about improved capabilities, they concurrently broaden the attack surface with new software, services, infrastructure, and products.
Not to mention, the cloud is a critical gateway to technologies like AI, which expands the IT infrastructure FSIs need to secure. In other words, this leaves FSIs grappling with the task of prioritising the increasing number of digital identities while managing a smooth exchange of information between systems.
See also: Break up Google? What’s at stake in antitrust action
Furthermore, reports also reveal that ransomware remains the most formidable threat faced by FSIs. The rise of ransomware-as-a-service, bolstered by AI, adds a layer of sophistication to these attacks. Distributed-denial-of-service (DDoS) attacks on FSIs have also experienced a significant 22% year-over-year increase, underscoring the urgency for robust cybersecurity measures.
To complicate matters even more, the financial sector faces challenges such as high rates of insider data breaches, complex corporate structures, and reliance on manual processes for tracking data access and user identities, making it vulnerable to inaccuracies and inconsistencies.
FSIs need to embrace a proactive approach in addressing risks linked to handling sensitive data. Securing this growing number of digital identities will be essential to plugging security gaps and ensuring the resilience of their cybersecurity infrastructure in the face of evolving threats and potential vulnerabilities.
Modernising identity security strategies for the modern banking era
Implementing robust identity security measures is a necessity, and while some FSIs may have well-established and relatively mature regulatory frameworks leading to identity and data security, several organisations in Asia Pacific are either just beginning to adopt or are in the process of enacting related regulations for the first time.
SailPoint’s annual The Horizons of Identity Security report found that despite the crucial role of identity security in the C-suite agenda, 91% of the surveyed identity security decision-makers identified budgetary constraints as the primary obstacle to investment. Additionally, 77% pointed to "limited executive sponsorship or focus." In essence, security professionals are struggling to effectively convey the value of identity security to executive decision-makers within their organisations.
There is a steep cost to not investing in identity security. Inaction could mean falling short on strategic priorities such as digital transformations, cloud migrations, mergers, divestitures, and product innovation.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
The benefits of a well-conceived identity program, however, can be substantial. For example, the same report stated above also found that by implementing AI-driven risk assessment automation, a financial services firm significantly slashed the time spent by frontline managers on user access certifications by 80%, allowing them to redirect their efforts towards revenue-generating activities.
Another instance involves a regional bank migrating 75% of its workloads to the cloud. It faced challenges in provisioning access due to a complex process and manual ticket systems, and by deploying an advanced identity security solution and cloud financial operations practices, it streamlined access provisioning from over 10 days to less than 24 hours per workload. This not only enhanced cloud governance and operational efficiency but also resulted in annual cost savings exceeding US$1.5 million.
Securing the way forward
As FSIs navigate a changing landscape, they can enhance their preparedness for evolving market demands to uphold the highest standards of security and compliance by adopting a modern, robust identity management solution. One which provides integration flexibility and allows seamless adoption of new technologies without compromising security. This will enable banks and financial institutions to incorporate digital services effortlessly.
Comprehensive identity security solutions address this by automating tasks, reducing the need for specialised personnel, and allowing existing staff to focus on strategic initiatives, ensuring efficient resource allocation and a robust security framework.
Ultimately, businesses that adopt the next generation of identity security solutions, will be equipped to stay ahead of emerging threats. This entails an autonomous, unified, and integrated approach that systematically addresses the intricate network of all identities and applications within the organisation. A unified identity security platform, leveraging AI and machine learning technology, can offer unique insights derived from rich identity context, access activity intelligence, and embedded AI technology for running identity security programs.
The significance of identity security solutions in FSIs cannot be emphasised enough. Incumbents play a critical role, and while digital banks are still minor players in the FSI scene, taking their position for granted may lead to vulnerabilities that compromise the industry’s overall security framework. As FSIs increasingly adopt digital banking, safeguarding sensitive data and upholding regulatory compliance by having a strong identity security foundation will play a crucial role in ensuring the industry's sustained success and resilience.
Eric Kong is the managing director for Asean at SailPoint